CVE-2024-23254
webkit: malicious website may exfiltrate audio data cross-origin
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
El problema se solucionó mejorando el manejo de la interfaz de usuario. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, Safari 17.4. Un sitio web malicioso puede filtrar datos de audio de origen cruzado.
A vulnerability was found in WebKit, where a remote attacker is able to exfiltrate audio data cross-origin by convincing a victim to visit a specially crafted website, which results in obtaining sensitive information.
The following vulnerabilities have been discovered in the WebKitGTK web engine. Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing. Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. SungKwon Lee discovered that processing web content may lead to a denial-of-service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-12 CVE Reserved
- 2024-03-08 CVE Published
- 2025-02-13 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (15)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-23254 | 2024-10-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2270289 | 2024-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Ios Search vendor "Apple" for product "Ios" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Visionos Search vendor "Apple" for product "Visionos" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | * | - |
Affected
| ||||||
| Webkitgtk Search vendor "Webkitgtk" | Webkitgtk Search vendor "Webkitgtk" for product "Webkitgtk" | * | - |
Affected
| ||||||
| Wpewebkit Search vendor "Wpewebkit" | Wpe Webkit Search vendor "Wpewebkit" for product "Wpe Webkit" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Ipad Os Search vendor "Apple" for product "Ipad Os" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Tvos Search vendor "Apple" for product "Tvos" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Visionos Search vendor "Apple" for product "Visionos" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | * | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | * | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | * | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-basesystem Search vendor "Suse" for product "Sle-module-basesystem" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-desktop-applications Search vendor "Suse" for product "Sle-module-desktop-applications" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-development-tools Search vendor "Suse" for product "Sle-module-development-tools" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-sdk Search vendor "Suse" for product "Sle-sdk" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-we Search vendor "Suse" for product "Sle-we" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc Search vendor "Suse" for product "Sle Hpc" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sled Search vendor "Suse" for product "Sled" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles-ltss Search vendor "Suse" for product "Sles-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Search vendor "Suse" for product "Sles" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Sap Search vendor "Suse" for product "Sles Sap" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse-manager-proxy Search vendor "Suse" for product "Suse-manager-proxy" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse-manager-server Search vendor "Suse" for product "Suse-manager-server" | * | - |
Affected
| ||||||