CVE-2024-23288
Published Mar 5, 2024
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
Wojciech Regula (SecuRing), Kirin @Pwnrin, Marc Newlin (SkySafe), m4yfly with TianGong Team (Legendsec at Qi'anxin Group), Guilherme Rambo (Best Buddy Apps), an anonymous researcher, Csaba Fitzl @theevilbit (OffSec), CVE-2024-23205, CVE-2022-48554, Joshua Jewett @JoshJewett33, Mickey Jin @patch1t, Junsung Lee (Trend Micro Zero Day Initiative), Zhenjiang Zhao (pangu team), Qianxin (CrowdStrike Counter Adversary Operations), (CrowdStrike Counter Adversary Operations), Amir Bazine (CrowdStrike Counter Adversary Operations), Karsten König (CrowdStrike Counter Adversary Operations), Dohyun Lee @l33d0hyun, Lyutoon, Mr.R, Murray Mike, Pedro Tôrres @t0rr3sp3dr0, CVE-2024-23235, Xinru Chi (Pangu Lab), CVE-2024-23225, koocola, ali yabuz, Meysam Firouzi @R00tkitsmm (Trend Micro Zero Day Initiative), @08Tc3wBB (Jamf), CVE-2024-23283, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, Bohdan Stasiuk @Bohdan_Stasiuk, Harsh Tyagi, CVE-2024-23296, Lyra Rebane (rebane2001), Matej Rabzelj, CVE-2024-23238, Yiğit Can YILMAZ @yilmazcanyigit, luckyu @uuulucky, K宝 (Fudan University), LFY @secsys (Fudan University), Lewis Hardy, Bistrit Dahal, CVE-2024-23241, CVE-2024-23242, Matthew Loewen, Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik, anbu1024 (SecANT), Pwn2car, James Lee @Windowsrcer, Johan Carlsson (joaxcar), Georg Felber, Marco Squarcina, Brian McNulty, Stephan Casas, CVE-2024-23291, scj643, CVE-2024-23220, Om Kothawade, Cristian Dinca (Computer Science), Romania
Affected Software
10 affected components. Fixes available.
Apple macOS Sonoma < 14.4 (fixed in 14.4)
Apple tvOS < 17.4 (fixed in 17.4)
Apple WatchOS < 10.4 (fixed in 10.4)
Apple iOS < 17.4 (fixed in 17.4)
Apple iPadOS < 17.4 (fixed in 17.4)
Apple iPadOS < 17.4
Apple iPhone OS < 17.4
Apple macOS >= 14.0, < 14.4
Apple tvOS < 17.4
Apple WatchOS < 10.4
Event History
Mar 5, 2024
Data Sourced via Apple, 12:00 AM: Description, Weakness, Affected Software
Updated via Apple, 12:00 AM: Description, Weakness
Updated via Apple, 12:00 AM: Weakness
Mar 8, 2024
CVE Published via MITRE, 01:35 AM
Data Sourced via MITRE, 01:35 AM: Description, Weakness
Data Sourced via NVD, 02:15 AM: Description, Severity, Weakness, Affected Software
Feb 8, 2026
News Published via The Register, 10:25 PM
News Published via The Register, 10:28 PM
Frequently Asked Questions
1. What is the severity of CVE-2024-23288?
CVE-2024-23288 is classified as a high severity vulnerability that allows an app to potentially elevate privileges.
2. How do I fix CVE-2024-23288?
To fix CVE-2024-23288, update your device to tvOS 17.4, iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4, or watchOS 10.4.
3. What products are affected by CVE-2024-23288?
CVE-2024-23288 affects Apple devices running older versions of tvOS, iOS, iPadOS, macOS, and watchOS prior to their respective 17.4 and 14.4 updates.
4. Is CVE-2024-23288 a remote or local vulnerability?
CVE-2024-23288 is considered a local vulnerability since it requires an application to be executed on the affected device.
5. What type of attack is CVE-2024-23288 associated with?
CVE-2024-23288 is associated with privilege escalation attacks that could allow unauthorized access to higher-level system functionalities.