CVSS: 7.8EPSS: 1%CPEs: 32EXPL: 0CVE-2024-23254 – webkit: malicious website may exfiltrate audio data cross-origin
https://notcve.org/view.php?id=CVE-2024-23254
08 Mar 2024 — The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin. El problema se solucionó mejorando el manejo de la interfaz de usuario. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, Safari 17.4. • http://seclists.org/fulldisclosure/2024/Mar/20 •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-23235 – Apple Security Advisory 03-07-2024-7
https://notcve.org/view.php?id=CVE-2024-23235
08 Mar 2024 — A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data. Se abordó una condición de ejecución con validación adicional. Este problema se solucionó en macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-23265 – Apple Security Advisory 03-07-2024-7
https://notcve.org/view.php?id=CVE-2024-23265
08 Mar 2024 — A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory. Se solucionó una vulnerabilidad de corrupción de memoria con un bloqueo mejorado. Este problema se solucionó en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, v... • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-23273 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23273
08 Mar 2024 — This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication. Esta cuestión se abordó mediante una mejor gestión de estado. Este problema se solucionó en Safari 17.4, iOS 17.4 y iPadOS 17.4, macOS Sonoma 14.4. • http://seclists.org/fulldisclosure/2024/Mar/20 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-23288 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23288
08 Mar 2024 — This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to elevate privileges. Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en tvOS 17.4, iOS 17.4 y iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-23270 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23270
08 Mar 2024 — The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-23250 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23250
08 Mar 2024 — An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission. Se solucionó un problema de acceso mejorando las restricciones de acceso. Este problema se solucionó en tvOS 17.4, iOS 17.4 y iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-863: Incorrect Authorization •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-23246 – Apple Security Advisory 03-07-2024-7
https://notcve.org/view.php?id=CVE-2024-23246
08 Mar 2024 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox. Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-23293 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23293
08 Mar 2024 — This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data. Esta cuestión se abordó mediante una mejor gestión de estado. Este problema se solucionó en tvOS 17.4, iOS 17.4 y iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. • http://seclists.org/fulldisclosure/2024/Mar/21 •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23277 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23277
08 Mar 2024 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard. El problema se solucionó con controles mejorados. Este problema se solucionó en macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/21 •