CVE-2024-23293

CVE Database · CVE-2024-23293

CVE-2024-23293

· MEDIUMModified

CVSS v3.1

4.6

EPSS

0.41%

Published

Mar 7, 2024

Modified

Apr 2, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products (5)

apple · ipad_os (up to 17.4)vulnerable

apple · iphone_os (up to 17.4)vulnerable

apple · macos (up to 14.4)vulnerable

apple · tvos (up to 17.4)vulnerable

apple · watchos (up to 10.4)vulnerable

References (15)

https://support.apple.com/en-us/120881

https://support.apple.com/en-us/120882

https://support.apple.com/en-us/120893

https://support.apple.com/en-us/120895

http://seclists.org/fulldisclosure/2024/Mar/21

Mailing List

http://seclists.org/fulldisclosure/2024/Mar/24

Mailing List

http://seclists.org/fulldisclosure/2024/Mar/25

Mailing List

https://support.apple.com/en-us/HT214081

Vendor Advisory

https://support.apple.com/en-us/HT214084

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs