The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
History

Fri, 06 Dec 2024 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipad Os
Apple iphone Os
Apple macos
Apple safari
Apple tvos
Apple visionos
Apple watchos
Fedoraproject
Fedoraproject fedora
Webkitgtk
Webkitgtk webkitgtk
Wpewebkit
Wpewebkit wpe Webkit
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipad Os
Apple iphone Os
Apple macos
Apple safari
Apple tvos
Apple visionos
Apple watchos
Fedoraproject
Fedoraproject fedora
Webkitgtk
Webkitgtk webkitgtk
Wpewebkit
Wpewebkit wpe Webkit

Wed, 04 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-03-08T01:36:07.243Z

Updated: 2024-12-04T17:21:36.617Z

Reserved: 2024-01-12T22:22:21.487Z

Link: CVE-2024-23254

cve-icon Vulnrichment

Updated: 2024-08-01T22:59:32.080Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-08T02:15:48.663

Modified: 2024-12-06T02:54:01.530

Link: CVE-2024-23254

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-03-07T00:00:00Z

Links: CVE-2024-23254 - Bugzilla