Vulnerability Details : CVE-2024-23284
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Products affected by CVE-2024-23284
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
- cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
- cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-23284
0.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-23284
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-03-28 |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST | 2024-12-09 |
CWE ids for CVE-2024-23284
-
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2024-23284
-
https://support.apple.com/en-us/HT214087
About the security content of visionOS 1.1 - Apple SupportVendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/
[SECURITY] Fedora 38 Update: webkitgtk-2.44.0-2.fc38 - package-announce - Fedora Mailing-ListsMailing List
-
http://seclists.org/fulldisclosure/2024/Mar/24
Full Disclosure: APPLE-SA-03-07-2024-5 watchOS 10.4Mailing List
-
http://www.openwall.com/lists/oss-security/2024/03/26/1
oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2024-0002Mailing List
-
https://support.apple.com/en-us/HT214088
About the security content of watchOS 10.4 - Apple SupportVendor Advisory
-
https://support.apple.com/en-us/HT214089
About the security content of Safari 17.4 - Apple SupportVendor Advisory
-
https://support.apple.com/en-us/HT214081
About the security content of iOS 17.4 and iPadOS 17.4 - Apple SupportVendor Advisory
-
https://support.apple.com/en-us/HT214084
About the security content of macOS Sonoma 14.4 - Apple SupportVendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
[SECURITY] Fedora 40 Update: webkit2gtk4.0-2.44.1-1.fc40 - package-announce - Fedora Mailing-ListsMailing List
-
http://seclists.org/fulldisclosure/2024/Mar/20
Full Disclosure: APPLE-SA-03-07-2024-1 Safari 17.4Mailing List
-
http://seclists.org/fulldisclosure/2024/Mar/26
Full Disclosure: APPLE-SA-03-07-2024-7 visionOS 1.1Mailing List
-
http://seclists.org/fulldisclosure/2024/Mar/25
Full Disclosure: APPLE-SA-03-07-2024-6 tvOS 17.4Mailing List
-
http://seclists.org/fulldisclosure/2024/Mar/21
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4Mailing List
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/
[SECURITY] Fedora 40 Update: webkitgtk-2.44.0-2.fc40 - package-announce - Fedora Mailing-ListsMailing List
-
https://support.apple.com/en-us/HT214082
About the security content of iOS 16.7.6 and iPadOS 16.7.6 - Apple SupportVendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/
[SECURITY] Fedora 39 Update: webkitgtk-2.44.0-2.fc39 - package-announce - Fedora Mailing-ListsMailing List
-
https://support.apple.com/en-us/HT214086
About the security content of tvOS 17.4 - Apple SupportVendor Advisory
Jump to