CVE-2024-23211 - OpenCVE

A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Ipados Iphone Os Macos Safari Watchos

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jan/27
http://seclists.org/fulldisclosure/2024/Jan/33
http://seclists.org/fulldisclosure/2024/Jan/34
http://seclists.org/fulldisclosure/2024/Jan/36
http://seclists.org/fulldisclosure/2024/Jan/39
https://support.apple.com/en-us/HT214056
https://support.apple.com/en-us/HT214059
https://support.apple.com/en-us/HT214060
https://support.apple.com/en-us/HT214061
https://support.apple.com/en-us/HT214063

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-01-23T00:25:20.675Z

Updated: 2024-08-01T22:59:32.037Z

Reserved: 2024-01-12T22:22:21.476Z

Link: CVE-2024-23211

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-23T01:15:11.087

Modified: 2024-02-26T18:24:10.707

Link: CVE-2024-23211

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23211", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-01-12T22:22:21.476Z", "datePublished": "2024-01-23T00:25:20.675Z", "dateUpdated": "2024-08-01T22:59:32.037Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A user's private browsing activity may be visible in Settings"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "10.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.3", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings."}], "references": [{"url": "https://support.apple.com/en-us/HT214059"}, {"url": "https://support.apple.com/en-us/HT214063"}, {"url": "https://support.apple.com/en-us/HT214056"}, {"url": "https://support.apple.com/en-us/HT214060"}, {"url": "https://support.apple.com/en-us/HT214061"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/27"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/33"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/36"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/34"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/39"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-01-23T00:25:20.675Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.037Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214059", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214063", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214056", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214060", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214061", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/27", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/33", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/36", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/34", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/39", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D6F41D4-58ED-4E0B-90B4-3EDDB7CEA240", "versionEndExcluding": "17.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97", "versionEndExcluding": "16.7.5", "versionStartExcluding": "16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF93182E-EFE2-4DAF-BAA2-5053A20ADCFF", "versionEndExcluding": "17.3", "versionStartExcluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D", "versionEndExcluding": "16.7.5", "versionStartExcluding": "16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "79493683-AFEA-42B7-9F15-C3E47069C9CF", "versionEndExcluding": "17.3", "versionStartExcluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1", "versionEndExcluding": "14.3", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03", "versionEndExcluding": "10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de las preferencias del usuario. Este problema se solucion\u00f3 en watchOS 10.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3. La actividad de navegaci\u00f3n privada de un usuario puede ser visible en Configuraci\u00f3n."}], "id": "CVE-2024-23211", "lastModified": "2024-02-26T18:24:10.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-23T01:15:11.087", "references": [{"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/27"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/33"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/34"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/36"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/39"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214056"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214059"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214060"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214061"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214063"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}