CVE-2024-23293
MEDIUM | Platform: iOS | Changelog
CVE Details
Description
This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 4.6 (MEDIUM) |
| Vector | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References
- Apple Security Advisory
- NVD Entry
- https://support.apple.com/en-us/120881
- https://support.apple.com/en-us/120882
- https://support.apple.com/en-us/120895
- http://seclists.org/fulldisclosure/2024/Mar/21 (Mailing List)
- http://seclists.org/fulldisclosure/2024/Mar/24 (Mailing List)
- http://seclists.org/fulldisclosure/2024/Mar/25 (Mailing List)
- https://support.apple.com/en-us/HT214081 (Vendor Advisory)