PT-2024-7947 · Apple+7 · Ios+13

James Lee

Published

2024-01-22

Updated

2025-11-25

CVE-2024-23271

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions iOS versions prior to 17.3 iPadOS versions prior to 17.3 Safari versions prior to 17.3 tvOS versions prior to 17.3 macOS Sonoma versions prior to 14.3 watchOS versions prior to 10.3

Description A logic issue was addressed with improved checks. A malicious website may cause unexpected cross-origin behavior. The issue is related to insufficient access control in WebKitGTK and WPE WebKit modules, which can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For iOS versions prior to 17.3, update to iOS 17.3 or later. For iPadOS versions prior to 17.3, update to iPadOS 17.3 or later. For Safari versions prior to 17.3, update to Safari 17.3 or later. For tvOS versions prior to 17.3, update to tvOS 17.3 or later. For macOS Sonoma versions prior to 14.3, update to macOS Sonoma 14.3 or later. For watchOS versions prior to 10.3, update to watchOS 10.3 or later.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALSA-2024:8180

ALSA-2024:9636

BDU:2024-09452

CESA-2024_9636

CVE-2024-23271

DSA-5618-1

INFSA-2024_8180

INFSA-2024_9636

MGASA-2025-0313

OPENSUSE-SU-2024_3752-1

OPENSUSE-SU-2024_3869-1

RHSA-2024:2126

RHSA-2024:8180

RHSA-2024:9636

RHSA-2024_2126

RHSA-2024_9636

RHSA-2025:10364

RLSA-2024:8180

RLSA-2024:9636

SUSE-SU-2024:3751-1

SUSE-SU-2024:3752-1

SUSE-SU-2024:3869-1

SUSE-SU-2024:3870-1

Affected Products

Almalinux

Astra Linux

Centos

Debian

Apple Macos

Red Hat

Rocky Linux

Safari

Suse

Ios

Ipados

Macos Sonoma

Tvos

Watchos

PT-2024-7947 · Apple+7 · Ios+13

CVE-2024-23271

Weakness Enumeration

Related Identifiers

Affected Products

References · 121