CVE-2024-23282

Name of the Vulnerable Software and Affected Versions macOS Sonoma versions prior to 14.5 watchOS versions prior to 10.5 iOS versions prior to 17.5 and 16.7.8 iPadOS versions prior to 17.5 and 16.7.8

Description A maliciously crafted email may be able to initiate FaceTime calls without user authorization. This issue can potentially lead to attacks resulting in user data leakage through FaceTime, as outgoing calls are not blocked in lock mode. A proof of concept (PoC) was developed and demonstrated, allowing for remote sound activation without clicking.

Recommendations For macOS Sonoma versions prior to 14.5, update to macOS Sonoma 14.5. For watchOS versions prior to 10.5, update to watchOS 10.5. For iOS versions prior to 17.5, update to iOS 17.5. For iOS versions prior to 16.7.8, update to iOS 16.7.8. For iPadOS versions prior to 17.5, update to iPadOS 17.5. For iPadOS versions prior to 16.7.8, update to iPadOS 16.7.8.