Vulnerability Details : CVE-2024-23206
An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.
Products affected by CVE-2024-23206
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-23206
- 0.35%: probability of exploitation activity in the next 30 days
- ~57%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2024-23206
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-05-15 |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | 2024-01-26 |
CWE ids for CVE-2024-23206
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2024-23206
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/
  [SECURITY] Fedora 39 Update: webkitgtk-2.42.5-1.fc39 - package-announce - Fedora Mailing-Lists
- http://seclists.org/fulldisclosure/2024/Jan/36
  Full Disclosure: APPLE-SA-01-22-2024-5 macOS Sonoma 14.3 (Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/Jan/33
  Full Disclosure: APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3 (Third Party Advisory)
- https://support.apple.com/en-us/HT214055
  About the security content of tvOS 17.3 - Apple Support (Release Notes; Vendor Advisory)
- https://support.apple.com/en-us/HT214063
  About the security content of iOS 16.7.5 and iPadOS 16.7.5 - Apple Support (Release Notes; Vendor Advisory)
- https://support.apple.com/kb/HT214061
  About the security content of macOS Sonoma 14.3 - Apple Support
- https://support.apple.com/en-us/HT214061
  About the security content of macOS Sonoma 14.3 - Apple Support (Release Notes; Vendor Advisory)
- https://support.apple.com/kb/HT214055
  About the security content of tvOS 17.3 - Apple Support
- http://seclists.org/fulldisclosure/2024/Jan/27
  Full Disclosure: APPLE-SA-01-22-2024-1 Safari 17.3 (Third Party Advisory)
- https://support.apple.com/en-us/HT214060
  About the security content of watchOS 10.3 - Apple Support (Release Notes; Vendor Advisory)
- https://support.apple.com/kb/HT214056
  About the security content of Safari 17.3 - Apple Support
- http://seclists.org/fulldisclosure/2024/Jan/39
  Full Disclosure: APPLE-SA-01-22-2024-8 watchOS 10.3 (Third Party Advisory)
- https://support.apple.com/en-us/HT214056
  About the security content of Safari 17.3 - Apple Support (Release Notes; Vendor Advisory)
- https://support.apple.com/kb/HT214059
  About the security content of iOS 17.3 and iPadOS 17.3 - Apple Support
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/
  [SECURITY] Fedora 38 Update: webkitgtk-2.42.5-1.fc38 - package-announce - Fedora Mailing-Lists
- http://seclists.org/fulldisclosure/2024/Jan/40
  Full Disclosure: APPLE-SA-01-22-2024-9 tvOS 17.3 (Third Party Advisory)
- https://support.apple.com/en-us/HT214059
  About the security content of iOS 17.3 and iPadOS 17.3 - Apple Support (Release Notes; Vendor Advisory)
- http://seclists.org/fulldisclosure/2024/Jan/34
  Full Disclosure: APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5 (Third Party Advisory)
- https://support.apple.com/kb/HT214060
  About the security content of watchOS 10.3 - Apple Support
- https://support.apple.com/kb/HT214063
  About the security content of iOS 16.7.5 and iPadOS 16.7.5 - Apple Support
- http://www.openwall.com/lists/oss-security/2024/02/05/8
  oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001