{"api_version":"1","generated_at":"2026-04-22T19:36:31+00:00","cve":"CVE-2024-23218","urls":{"html":"https://cve.report/CVE-2024-23218","api":"https://cve.report/api/cve/CVE-2024-23218.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-23218","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-23218"},"summary":{"title":"CVE-2024-23218","description":"A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.","state":"PUBLISHED","assigner":"apple","published_at":"2024-01-23 01:15:11","updated_at":"2026-04-02 19:16:58"},"problem_types":["CWE-203","An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key","CWE-203 CWE-203 Observable Discrepancy"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.9","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"5.9","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"5.9","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://support.apple.com/kb/HT214085","name":"https://support.apple.com/kb/HT214085","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/39","name":"http://seclists.org/fulldisclosure/2024/Jan/39","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-01-22-2024-8 watchOS 10.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/40","name":"http://seclists.org/fulldisclosure/2024/Jan/40","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-01-22-2024-9 tvOS 17.3","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT214055","name":"https://support.apple.com/en-us/HT214055","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/120306","name":"https://support.apple.com/en-us/120306","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120304","name":"https://support.apple.com/en-us/120304","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120309","name":"https://support.apple.com/en-us/120309","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214055","name":"https://support.apple.com/kb/HT214055","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214083","name":"https://support.apple.com/kb/HT214083","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214059","name":"https://support.apple.com/kb/HT214059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/33","name":"http://seclists.org/fulldisclosure/2024/Jan/33","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/120884","name":"https://support.apple.com/en-us/120884","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214082","name":"https://support.apple.com/kb/HT214082","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214061","name":"https://support.apple.com/kb/HT214061","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Mar/22","name":"http://seclists.org/fulldisclosure/2024/Mar/22","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120886","name":"https://support.apple.com/en-us/120886","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120311","name":"https://support.apple.com/en-us/120311","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/HT214061","name":"https://support.apple.com/en-us/HT214061","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/120880","name":"https://support.apple.com/en-us/120880","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/36","name":"http://seclists.org/fulldisclosure/2024/Jan/36","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-01-22-2024-5 macOS Sonoma 14.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Mar/23","name":"http://seclists.org/fulldisclosure/2024/Mar/23","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/HT214060","name":"https://support.apple.com/en-us/HT214060","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT214059","name":"https://support.apple.com/en-us/HT214059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-23218","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23218","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 16.7.6 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 17.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 12.7.4 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 13.6.5 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 14.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"tvOS","version":"affected 17.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"watchOS","version":"affected 10.3 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"23218","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23218","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23218","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23218","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23218","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"23218","cve":"CVE-2024-23218","epss":"0.001930000","percentile":"0.412040000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:40"},"legacy_qids":[{"cve":"CVE-2024-23218","qid":"379299","title":"Apple macOS Sonoma 14.3 Not Installed (HT214061)"},{"cve":"CVE-2024-23218","qid":"379476","title":"Apple macOS Ventura 13.6.5 Not Installed (HT214085)"},{"cve":"CVE-2024-23218","qid":"379477","title":"Apple macOS Monterey 12.7.4 Not Installed (HT214083)"},{"cve":"CVE-2024-23218","qid":"610538","title":"Apple iOS 17.3 and iPadOS 17.3 Security Update Missing (HT214059)"},{"cve":"CVE-2024-23218","qid":"610550","title":"Apple iOS 16.7.6 and iPadOS 16.7.6 Security Update Missing"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-04T18:24:24.383Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214059"},{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214055"},{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214060"},{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214061"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/33"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/36"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/39"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/40"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214082"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214083"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT214085"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Mar/22"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Mar/23"},{"url":"https://support.apple.com/kb/HT214061"},{"url":"https://support.apple.com/kb/HT214059"},{"url":"https://support.apple.com/kb/HT214055"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2024-23218","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-12-04T17:22:50.733956Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-203","description":"CWE-203 Observable Discrepancy","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-06-04T15:21:57.676Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"iOS and iPadOS","vendor":"Apple","versions":[{"lessThan":"16.7.6","status":"affected","version":"0","versionType":"custom"},{"lessThan":"17.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"macOS","vendor":"Apple","versions":[{"lessThan":"12.7.4","status":"affected","version":"0","versionType":"custom"},{"lessThan":"13.6.5","status":"affected","version":"0","versionType":"custom"},{"lessThan":"14.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"tvOS","vendor":"Apple","versions":[{"lessThan":"17.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"watchOS","vendor":"Apple","versions":[{"lessThan":"10.3","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key."}],"problemTypes":[{"descriptions":[{"description":"An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-04-02T18:26:59.685Z","orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple"},"references":[{"url":"https://support.apple.com/en-us/120304"},{"url":"https://support.apple.com/en-us/120306"},{"url":"https://support.apple.com/en-us/120309"},{"url":"https://support.apple.com/en-us/120311"},{"url":"https://support.apple.com/en-us/120880"},{"url":"https://support.apple.com/en-us/120884"},{"url":"https://support.apple.com/en-us/120886"}]}},"cveMetadata":{"assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","cveId":"CVE-2024-23218","datePublished":"2024-01-23T00:25:38.999Z","dateReserved":"2024-01-12T22:22:21.477Z","dateUpdated":"2026-04-02T18:26:59.685Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-01-23 01:15:11","lastModifiedDate":"2026-04-02 19:16:58","problem_types":["CWE-203","An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key","CWE-203 CWE-203 Observable Discrepancy"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3","matchCriteriaId":"93A0FBA9-3FF2-483E-8669-E2C196B3A444"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3","matchCriteriaId":"F927B013-925E-4474-B464-3FA0241F9269"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.3","matchCriteriaId":"79ADFEBE-99EE-4F01-9AE8-489EB41885D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3","matchCriteriaId":"921307BF-8419-42C7-9B2C-8DD643723E38"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.3","matchCriteriaId":"F265723B-24BD-4BD9-A45C-6FFD000A7B03"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"23218","Ordinal":"1","Title":"CVE-2024-23218","CVE":"CVE-2024-23218","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"23218","Ordinal":"1","NoteData":"A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.","Type":"Description","Title":"CVE-2024-23218"}]}}}