CVE-2024-23206
Summary
| CVE | CVE-2024-23206 |
|---|---|
| State | PUBLISHED |
| Assigner | apple |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-01-23 01:15:10 UTC |
| Updated | 2026-04-02 19:16:54 UTC |
| Description | An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user. |
Risk And Classification
Primary CVSS: v3.1 6.5 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Problem Types: NVD-CWE-noinfo | CWE-200 | A maliciously crafted webpage may be able to fingerprint the user | CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| 3.1 | ADP | DECLARED | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Apple | Safari | affected 17.3 custom | Not specified |
| CNA | Apple | IOS And IPadOS | affected 16.7.5 custom | Not specified |
| CNA | Apple | IOS And IPadOS | affected 17.3 custom | Not specified |
| CNA | Apple | MacOS | affected 14.3 custom | Not specified |
| CNA | Apple | TvOS | affected 17.3 custom | Not specified |
| CNA | Apple | WatchOS | affected 10.3 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| seclists.org/fulldisclosure/2024/Jan/27 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| Full Disclosure: APPLE-SA-01-22-2024-8 watchOS 10.3 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| seclists.org/fulldisclosure/2024/Jan/34 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| Full Disclosure: APPLE-SA-01-22-2024-9 tvOS 17.3 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| support.apple.com/en-us/HT214055 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/en-us/120306 | [email protected] | support.apple.com | |
| support.apple.com/en-us/120310 | [email protected] | support.apple.com | |
| support.apple.com/kb/HT214060 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/120304 | [email protected] | support.apple.com | |
| support.apple.com/en-us/120309 | [email protected] | support.apple.com | |
| support.apple.com/kb/HT214055 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/HT214056 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/kb/HT214059 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| seclists.org/fulldisclosure/2024/Jan/33 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| support.apple.com/kb/HT214061 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/kb/HT214056 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| support.apple.com/en-us/120311 | [email protected] | support.apple.com | |
| support.apple.com/en-us/HT214063 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/kb/HT214063 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/HT214061 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| Full Disclosure: APPLE-SA-01-22-2024-5 macOS Sonoma 14.3 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| support.apple.com/en-us/120339 | [email protected] | support.apple.com | |
| support.apple.com/en-us/HT214060 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/en-us/HT214059 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 200105 Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-6631-1)
- 284906 Fedora Security Update for webkitgtk (FEDORA-2024-ca3f071aea)
- 284994 Fedora Security Update for webkitgtk (FEDORA-2024-97faaca23d)
- 357216 Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2024-2459
- 379297 Apple Safari Multiple Vulnerabilities (HT214056)
- 379299 Apple macOS Sonoma 14.3 Not Installed (HT214061)
- 6000472 Debian Security Update for webkit2gtk (DSA 5618-1)
- 610538 Apple iOS 17.3 and iPadOS 17.3 Security Update Missing (HT214059)
- 610539 Apple iOS 16.7.5 and iPadOS 16.7.5 Security Update Missing (HT214063)
- 755770 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0519-1)
- 755789 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0545-1)
- 755802 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0548-1)