PT-2024-1203 · Apple · Apple Macos+5
Noah Roskin-Frazee
+1
·
Published
2024-01-22
·
Updated
2024-01-27
·
CVE-2024-23223
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
macOS Sonoma versions prior to 14.3
watchOS versions prior to 10.3
tvOS versions prior to 17.3
iOS versions prior to 17.3
iPadOS versions prior to 17.3
Description
A privacy issue was addressed with improved handling of files, which may allow an app to access sensitive user data. The issue is related to insufficient input validation in the NSSpellChecker interface of Mac OS, tvOS, watchOS, iOS, and iPadOS operating systems, potentially allowing an attacker to gain unauthorized access to protected information.
Recommendations
For macOS Sonoma versions prior to 14.3, update to version 14.3 or later.
For watchOS versions prior to 10.3, update to version 10.3 or later.
For tvOS versions prior to 17.3, update to version 17.3 or later.
For iOS versions prior to 17.3, update to version 17.3 or later.
For iPadOS versions prior to 17.3, update to version 17.3 or later.
Fix
Incorrect Permission
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apple Macos
Nsspellchecker
Ios
Ipados
Tvos
Watchos