CVE-2024-23224: Infoleak

Q: What is the severity of CVE-2024-23224?

CVE-2024-23224 is classified as a medium severity vulnerability that may allow an app to access sensitive user data.

Q: How do I fix CVE-2024-23224?

To fix CVE-2024-23224, update your system to macOS Sonoma version 14.3 or macOS Ventura version 13.6.4.

Q: What software is affected by CVE-2024-23224?

CVE-2024-23224 affects macOS versions 13.0 to 13.6.4 and versions 14.0 to 14.2.

Q: What type of vulnerability is CVE-2024-23224?

CVE-2024-23224 is a vulnerability related to improper access controls that can lead to unauthorized access to user data.

Q: Is there a patch for CVE-2024-23224?

Yes, a patch for CVE-2024-23224 is included in macOS updates 14.3 and 13.6.4.

Published Jan 22, 2024

Updated

Finder. The issue was addressed with improved checks.

Credit

Brian McNulty

Affected Software

4 affected componentsFixes available

Apple macOS<14.3

14.3

macOS Ventura<13.6.4

13.6.4

macOS>=13.0<13.6.4

macOS>=14.0<14.3

Event History

Jan 23, 2024

CVE Published

via MITRE·12:25 AM

Data Sourced

via MITRE·12:25 AM

DescriptionWeakness

Data Sourced

via NVD·01:15 AM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2024-23224?

CVE-2024-23224 is classified as a medium severity vulnerability that may allow an app to access sensitive user data.

How do I fix CVE-2024-23224?

To fix CVE-2024-23224, update your system to macOS Sonoma version 14.3 or macOS Ventura version 13.6.4.

What software is affected by CVE-2024-23224?

CVE-2024-23224 affects macOS versions 13.0 to 13.6.4 and versions 14.0 to 14.2.

What type of vulnerability is CVE-2024-23224?

CVE-2024-23224 is a vulnerability related to improper access controls that can lead to unauthorized access to user data.

Is there a patch for CVE-2024-23224?

Yes, a patch for CVE-2024-23224 is included in macOS updates 14.3 and 13.6.4.

CVSS Score

5.5Medium

Medium Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Security Metrics

Risk Score24

Severitymedium(5.5)

EPSS0.052%

CWE

200

Timeline

PublishedJan 22, 2024

Updated

References

Parent Advisories

Peer Vulnerabilities

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.