CVE-2024-23220

Published Mar 8, 2024

Last updated 24 days ago

CVSS medium 5.5

Mobile device

Overview

Description: The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.4 and iPadOS 17.4, visionOS 1.1. An app may be able to fingerprint the user.
Source: product-security@apple.com
NVD status: Modified
Products: ipad_os, iphone_os, visionos

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69",
            "versionEndExcluding": "17.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB",
            "versionEndExcluding": "17.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5",
            "versionEndExcluding": "1.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References