CVE-2024-23235

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23235
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.

4.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://seclists.org/fulldisclosure/2024/Mar/21 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/24 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/25 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/26 Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214081 Vendor Advisory
https://support.apple.com/en-us/HT214082 Vendor Advisory
https://support.apple.com/en-us/HT214084 Vendor Advisory
https://support.apple.com/en-us/HT214086 Vendor Advisory
https://support.apple.com/en-us/HT214087 Vendor Advisory
https://support.apple.com/en-us/HT214088 Vendor Advisory
http://seclists.org/fulldisclosure/2024/Mar/21 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/24 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/25 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/26 Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214081 Vendor Advisory
https://support.apple.com/en-us/HT214082 Vendor Advisory
https://support.apple.com/en-us/HT214084 Vendor Advisory
https://support.apple.com/en-us/HT214086 Vendor Advisory
https://support.apple.com/en-us/HT214087 Vendor Advisory
https://support.apple.com/en-us/HT214088 Vendor Advisory
https://support.apple.com/kb/HT214082
https://support.apple.com/kb/HT214084
https://support.apple.com/kb/HT214087
https://support.apple.com/kb/HT214088
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
History

04 Nov 2025, 19:16

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214082 -
  • () https://support.apple.com/kb/HT214084 -
  • () https://support.apple.com/kb/HT214087 -
  • () https://support.apple.com/kb/HT214088 -
Information

Published : 2024-03-08 02:15

Updated : 2025-11-04 19:16

NVD link : CVE-2024-23235

Mitre link : CVE-2024-23235

CVE.ORG link : CVE-2024-23235

JSON object : View

Products Affected

apple

  • watchos
  • visionos
  • ipados
  • iphone_os
  • tvos
  • macos
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor