CVE-2024-23207: Infoleak
Published Jan 22, 2024
·Updated
Apple Neural Engine. The issue was addressed with improved memory handling.
Credit
Noah Roskin-Frazee, Pr, Ian de Marcellus, Mark Bowers, Jubaer Alnazi@@h33tjubaer, Kirin@@Pwnrin, Zhongquan Li@@Guluisacat, an anonymous researcher, Wangtaiyu(Zhongfu info), James Lee@@Windowsrcer, fmyy@@binary_fmyy(TIANGONG Team of Legendsec at QI), lime(TIANGONG Team of Legendsec at QI), Koh M. Nakagawa(FFRI Security Inc), Clemens Lang, Ye Zhang(Baidu Security)
Affected Software
12 affected componentsFixes available
Apple macOS Sonoma<14.3
14.3
Apple WatchOS<10.3
10.3
Apple macOS Monterey<12.7.3
12.7.3
Apple macOS Ventura<13.6.4
13.6.4
Apple iOS<17.3
17.3
Apple iPadOS<17.3
17.3
Apple iPadOS>17.0<17.3
Apple iPhone OS>17.0<17.3
Apple macOS>=12.0<12.7.3
Apple macOS>=13.0<13.6.4
Apple macOS>=14.0<14.3
Apple WatchOS<10.3
Event History
Jan 23, 2024
CVE Published
via MITRE·12:25 AM
Data Sourced
via MITRE·12:25 AM
DescriptionWeakness
Data Sourced
via NVD·01:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-23207?
CVE-2024-23207 has a medium severity rating, as it involves inadequate redaction of sensitive information.
2
How do I fix CVE-2024-23207?
To fix CVE-2024-23207, upgrade your device to watchOS 10.3, iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, or macOS Monterey 12.7.3.
3
Which devices are affected by CVE-2024-23207?
Devices affected by CVE-2024-23207 include those running older versions of watchOS, iOS, iPadOS, and macOS prior to the specified updated versions.
4
What information was inadequately redacted in CVE-2024-23207?
CVE-2024-23207 relates to the inadequacy in redacting sensitive information during mail search operations.
5
When was CVE-2024-23207 disclosed?
CVE-2024-23207 was disclosed alongside the patches released in early 2024.