{"api_version":"1","generated_at":"2026-04-22T19:36:35+00:00","cve":"CVE-2024-23217","urls":{"html":"https://cve.report/CVE-2024-23217","api":"https://cve.report/api/cve/CVE-2024-23217.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-23217","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-23217"},"summary":{"title":"CVE-2024-23217","description":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. An app may be able to bypass certain Privacy preferences.","state":"PUBLISHED","assigner":"apple","published_at":"2024-01-23 01:15:11","updated_at":"2026-04-02 19:16:58"},"problem_types":["NVD-CWE-noinfo","CWE-922","An app may be able to bypass certain Privacy preferences","CWE-922 CWE-922 Insecure Storage of Sensitive Information"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://support.apple.com/kb/HT214085","name":"https://support.apple.com/kb/HT214085","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/39","name":"http://seclists.org/fulldisclosure/2024/Jan/39","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-01-22-2024-8 watchOS 10.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/120306","name":"https://support.apple.com/en-us/120306","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120304","name":"https://support.apple.com/en-us/120304","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120309","name":"https://support.apple.com/en-us/120309","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214059","name":"https://support.apple.com/kb/HT214059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/33","name":"http://seclists.org/fulldisclosure/2024/Jan/33","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT214061","name":"https://support.apple.com/kb/HT214061","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Mar/22","name":"http://seclists.org/fulldisclosure/2024/Mar/22","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120886","name":"https://support.apple.com/en-us/120886","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/HT214061","name":"https://support.apple.com/en-us/HT214061","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/36","name":"http://seclists.org/fulldisclosure/2024/Jan/36","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-01-22-2024-5 macOS Sonoma 14.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT214060","name":"https://support.apple.com/en-us/HT214060","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT214059","name":"https://support.apple.com/en-us/HT214059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-23217","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23217","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 17.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 13.6.5 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 14.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"watchOS","version":"affected 10.3 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"23217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"23217","cve":"CVE-2024-23217","epss":"0.000090000","percentile":"0.008390000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:40"},"legacy_qids":[{"cve":"CVE-2024-23217","qid":"379299","title":"Apple macOS Sonoma 14.3 Not Installed (HT214061)"},{"cve":"CVE-2024-23217","qid":"379476","title":"Apple macOS Ventura 13.6.5 Not Installed (HT214085)"},{"cve":"CVE-2024-23217","qid":"610538","title":"Apple iOS 17.3 and iPadOS 17.3 Security Update Missing (HT214059)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-04T18:24:20.873Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214059"},{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214060"},{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214061"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/33"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/36"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/39"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214085"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Mar/22"},{"url":"https://support.apple.com/kb/HT214061"},{"url":"https://support.apple.com/kb/HT214059"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2024-23217","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-05-15T14:55:44.062224Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-922","description":"CWE-922 Insecure Storage of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-05-15T14:58:49.928Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"iOS and iPadOS","vendor":"Apple","versions":[{"lessThan":"17.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"macOS","vendor":"Apple","versions":[{"lessThan":"13.6.5","status":"affected","version":"0","versionType":"custom"},{"lessThan":"14.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"watchOS","vendor":"Apple","versions":[{"lessThan":"10.3","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. An app may be able to bypass certain Privacy preferences."}],"problemTypes":[{"descriptions":[{"description":"An app may be able to bypass certain Privacy preferences","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-04-02T18:09:10.878Z","orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple"},"references":[{"url":"https://support.apple.com/en-us/120304"},{"url":"https://support.apple.com/en-us/120306"},{"url":"https://support.apple.com/en-us/120309"},{"url":"https://support.apple.com/en-us/120886"}]}},"cveMetadata":{"assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","cveId":"CVE-2024-23217","datePublished":"2024-01-23T00:25:15.760Z","dateReserved":"2024-01-12T22:22:21.477Z","dateUpdated":"2026-04-02T18:09:10.878Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-01-23 01:15:11","lastModifiedDate":"2026-04-02 19:16:58","problem_types":["NVD-CWE-noinfo","CWE-922","An app may be able to bypass certain Privacy preferences","CWE-922 CWE-922 Insecure Storage of Sensitive Information"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3","matchCriteriaId":"93A0FBA9-3FF2-483E-8669-E2C196B3A444"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3","matchCriteriaId":"F927B013-925E-4474-B464-3FA0241F9269"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.3","matchCriteriaId":"79ADFEBE-99EE-4F01-9AE8-489EB41885D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.3","matchCriteriaId":"F265723B-24BD-4BD9-A45C-6FFD000A7B03"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"23217","Ordinal":"1","Title":"CVE-2024-23217","CVE":"CVE-2024-23217","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"23217","Ordinal":"1","NoteData":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. An app may be able to bypass certain Privacy preferences.","Type":"Description","Title":"CVE-2024-23217"}]}}}