{"api_version":"1","generated_at":"2026-04-22T19:37:32+00:00","cve":"CVE-2024-23223","urls":{"html":"https://cve.report/CVE-2024-23223","api":"https://cve.report/api/cve/CVE-2024-23223.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-23223","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-23223"},"summary":{"title":"CVE-2024-23223","description":"A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access sensitive user data.","state":"PUBLISHED","assigner":"apple","published_at":"2024-01-23 01:15:11","updated_at":"2026-04-02 19:16:59"},"problem_types":["NVD-CWE-noinfo","CWE-732","An app may be able to access sensitive user data","CWE-732 CWE-732 Incorrect Permission Assignment for Critical Resource"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"6.2","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"6.2","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":6.2,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"6.2","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://seclists.org/fulldisclosure/2024/Jan/39","name":"http://seclists.org/fulldisclosure/2024/Jan/39","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-01-22-2024-8 watchOS 10.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/40","name":"http://seclists.org/fulldisclosure/2024/Jan/40","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-01-22-2024-9 tvOS 17.3","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT214055","name":"https://support.apple.com/en-us/HT214055","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/120306","name":"https://support.apple.com/en-us/120306","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120304","name":"https://support.apple.com/en-us/120304","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120309","name":"https://support.apple.com/en-us/120309","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214055","name":"https://support.apple.com/kb/HT214055","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT214059","name":"https://support.apple.com/kb/HT214059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/33","name":"http://seclists.org/fulldisclosure/2024/Jan/33","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT214061","name":"https://support.apple.com/kb/HT214061","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/120311","name":"https://support.apple.com/en-us/120311","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/HT214061","name":"https://support.apple.com/en-us/HT214061","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/36","name":"http://seclists.org/fulldisclosure/2024/Jan/36","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-01-22-2024-5 macOS Sonoma 14.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT214060","name":"https://support.apple.com/en-us/HT214060","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT214059","name":"https://support.apple.com/en-us/HT214059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-23223","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23223","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 17.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 14.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"tvOS","version":"affected 17.3 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"watchOS","version":"affected 10.3 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"23223","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23223","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23223","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23223","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"23223","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"23223","cve":"CVE-2024-23223","epss":"0.000200000","percentile":"0.052890000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:40"},"legacy_qids":[{"cve":"CVE-2024-23223","qid":"379299","title":"Apple macOS Sonoma 14.3 Not Installed (HT214061)"},{"cve":"CVE-2024-23223","qid":"610538","title":"Apple iOS 17.3 and iPadOS 17.3 Security Update Missing (HT214059)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-04T18:24:37.518Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214059"},{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214055"},{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214060"},{"tags":["x_transferred"],"url":"https://support.apple.com/en-us/HT214061"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/33"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/36"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/39"},{"tags":["x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Jan/40"},{"url":"https://support.apple.com/kb/HT214061"},{"url":"https://support.apple.com/kb/HT214059"},{"url":"https://support.apple.com/kb/HT214055"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":6.2,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2024-23223","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-11-13T16:30:05.074917Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-732","description":"CWE-732 Incorrect Permission Assignment for Critical Resource","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-06-04T15:15:13.404Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"iOS and iPadOS","vendor":"Apple","versions":[{"lessThan":"17.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"macOS","vendor":"Apple","versions":[{"lessThan":"14.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"tvOS","vendor":"Apple","versions":[{"lessThan":"17.3","status":"affected","version":"0","versionType":"custom"}]},{"product":"watchOS","vendor":"Apple","versions":[{"lessThan":"10.3","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access sensitive user data."}],"problemTypes":[{"descriptions":[{"description":"An app may be able to access sensitive user data","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-04-02T18:23:37.096Z","orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple"},"references":[{"url":"https://support.apple.com/en-us/120304"},{"url":"https://support.apple.com/en-us/120306"},{"url":"https://support.apple.com/en-us/120309"},{"url":"https://support.apple.com/en-us/120311"}]}},"cveMetadata":{"assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","cveId":"CVE-2024-23223","datePublished":"2024-01-23T00:25:32.185Z","dateReserved":"2024-01-12T22:22:21.478Z","dateUpdated":"2026-04-02T18:23:37.096Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-01-23 01:15:11","lastModifiedDate":"2026-04-02 19:16:59","problem_types":["NVD-CWE-noinfo","CWE-732","An app may be able to access sensitive user data","CWE-732 CWE-732 Incorrect Permission Assignment for Critical Resource"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3","matchCriteriaId":"93A0FBA9-3FF2-483E-8669-E2C196B3A444"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3","matchCriteriaId":"F927B013-925E-4474-B464-3FA0241F9269"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.3","matchCriteriaId":"79ADFEBE-99EE-4F01-9AE8-489EB41885D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3","matchCriteriaId":"921307BF-8419-42C7-9B2C-8DD643723E38"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.3","matchCriteriaId":"F265723B-24BD-4BD9-A45C-6FFD000A7B03"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"23223","Ordinal":"1","Title":"CVE-2024-23223","CVE":"CVE-2024-23223","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"23223","Ordinal":"1","NoteData":"A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access sensitive user data.","Type":"Description","Title":"CVE-2024-23223"}]}}}