PT-2024-19778 · Apple+7 · Visionos+14
Georg Felber
+1
·
Published
2024-03-07
·
Updated
2025-03-28
·
CVE-2024-23284
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Apple tvOS versions prior to 17.4
Apple macOS Sonoma versions prior to 14.4
Apple visionOS versions prior to 1.1
Apple iOS versions prior to 17.4
Apple iPadOS versions prior to 17.4
Apple watchOS versions prior to 10.4
Apple iOS versions 16.7.6 and earlier
Apple iPadOS versions 16.7.6 and earlier
Apple Safari versions prior to 17.4
Description
A logic issue was addressed with improved state management. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Recommendations
For Apple tvOS versions prior to 17.4, update to tvOS 17.4 or later.
For Apple macOS Sonoma versions prior to 14.4, update to macOS Sonoma 14.4 or later.
For Apple visionOS versions prior to 1.1, update to visionOS 1.1 or later.
For Apple iOS versions prior to 17.4, update to iOS 17.4 or later.
For Apple iPadOS versions prior to 17.4, update to iPadOS 17.4 or later.
For Apple watchOS versions prior to 10.4, update to watchOS 10.4 or later.
For Apple iOS versions 16.7.6 and earlier, update to iOS 17.4 or later.
For Apple iPadOS versions 16.7.6 and earlier, update to iPadOS 17.4 or later.
For Apple Safari versions prior to 17.4, update to Safari 17.4 or later.
Fix
Protection Mechanism Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Centos
Debian
Linuxmint
Apple Macos
Red Hat
Safari
Suse
Ubuntu
Ios
Ipados
Macos Sonoma
Tvos
Visionos
Watchos