CVE-2024-23270
Published Mar 5, 2024
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
an anonymous researcher, Junsung Lee (Trend Micro Zero Day Initiative), Zhenjiang Zhao (pangu team), Qianxin (CrowdStrike Counter Adversary Operations), (CrowdStrike Counter Adversary Operations), Amir Bazine (CrowdStrike Counter Adversary Operations), Karsten König (CrowdStrike Counter Adversary Operations), Dohyun Lee (@l33d0hyun), Lyutoon, Mr.R, Murray Mike, Pedro Tôrres (@t0rr3sp3dr0), CVE-2024-23235, Xinru Chi (Pangu Lab), CVE-2024-23225, koocola, ali yabuz, Kirin (@Pwnrin), Meysam Firouzi (@R00tkitsmm) (Trend Micro Zero Day Initiative), @08Tc3wBB (Jamf), CVE-2024-23283, Mickey Jin (@patch1t), CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, Bohdan Stasiuk (@Bohdan_Stasiuk), Harsh Tyagi, Wojciech Regula (SecuRing), CVE-2024-23296, Lyra Rebane (rebane2001), Matej Rabzelj, CVE-2024-23238, Yiğit Can YILMAZ (@yilmazcanyigit), luckyu (@uuulucky), K宝 (Fudan University), LFY (@secsys) (Fudan University), Lewis Hardy, Bistrit Dahal, CVE-2024-23241, CVE-2024-23242, Joshua Jewett (@JoshJewett33), Matthew Loewen, Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik, anbu1024 (SecANT), Pwn2car, James Lee (@Windowsrcer), Johan Carlsson (joaxcar), Georg Felber, Marco Squarcina, m4yfly with TianGong Team (Legendsec at Qi'anxin Group), Guilherme Rambo (Best Buddy Apps), Csaba Fitzl (@theevilbit) (OffSec), CVE-2024-23205, CVE-2022-48554, Marc Newlin (SkySafe), Brian McNulty, Stephan Casas, CVE-2024-23291, Clemens Lang, Koh M. Nakagawa (FFRI Security Inc), Meng Zhang (鲸落) (NorthSea), Jubaer Alnazi (@h33tjubaer), Csaba Fitzl (@theevilbit) (Offensive Security), scj643, CVE-2024-23220, Om Kothawade, Cristian Dinca (Computer Science), Romania
Affected Software
12 affected components. Fixes available.
Apple macOS <14.4 (fixed in 14.4)
tvOS <17.4 (fixed in 17.4)
macOS <12.7.4 (fixed in 12.7.4)
macOS Ventura <13.6.5 (fixed in 13.6.5)
Apple iOS and iPadOS <17.4 (fixed in 17.4)
Apple iOS, iPadOS, and macOS <17.4 (fixed in 17.4)
iPadOS <17.4
iPhone OS <17.4
macOS >=12.0.0 <12.7.4
macOS >=13.0 <13.6.5
macOS >=14.0 <14.4
tvOS <17.4
Event History
Mar 5, 2024
Data Sourced via Apple · 12:00 AM (Description, Weakness, Affected Software)
Updated via Apple · 12:00 AM (Description, Weakness)
Updated via Apple · 12:00 AM (Weakness)
Mar 7, 2024
Updated via Apple · 12:00 AM (Description, Weakness, Affected Software)
Mar 8, 2024
CVE Published via MITRE · 01:35 AM
Data Sourced via MITRE · 01:35 AM (Description, Weakness)
Data Sourced via NVD · 02:15 AM (Description, Severity, Weakness, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2024-23270?
CVE-2024-23270 is classified as a high severity vulnerability due to potential arbitrary code execution.
2. How do I fix CVE-2024-23270?
To fix CVE-2024-23270, update your affected Apple devices to the latest versions: macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4, iPadOS 17.4, or tvOS 17.4.
3. Which products are affected by CVE-2024-23270?
CVE-2024-23270 affects macOS, iOS, iPadOS and tvOS, specifically versions prior to the latest updates mentioned.
4. Can any app exploit CVE-2024-23270?
Yes, an app with malicious intent could potentially exploit CVE-2024-23270 to execute arbitrary code on vulnerable devices.
5. Is there a known workaround for CVE-2024-23270?
There is no known workaround for CVE-2024-23270; updating affected systems is the recommended action.