CVE-2024-23220

CVE Database · CVE-2024-23220

CVE-2024-23220

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.24%

Published

Mar 7, 2024

Modified

Apr 2, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.4 and iPadOS 17.4, visionOS 1.1. An app may be able to fingerprint the user.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products (3)

apple · ipad_os (up to 17.4)vulnerable

apple · iphone_os (up to 17.4)vulnerable

apple · visionos (up to 1.1)vulnerable

References (7)

https://support.apple.com/en-us/120883

https://support.apple.com/en-us/120893

http://seclists.org/fulldisclosure/2024/Mar/26

Mailing List

https://support.apple.com/en-us/HT214081

Vendor Advisory

https://support.apple.com/en-us/HT214087

Vendor Advisory

https://support.apple.com/kb/HT214081

https://support.apple.com/kb/HT214087

KEV Catalog EPSS Scores Vendors All CVEs