CVE-2024-23280

moderate-risk

Published 2024-03-08

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.

Do I need to act?

0.52% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (11)

Safari

Ipad Os

Iphone Os

Macos

Tvos

Watchos

Fedora

Webkitgtk

Wpe Webkit

Affected Vendors

Apple Fedoraproject Webkitgtk Wpewebkit

References (23)

https://support.apple.com/en-us/120881

https://support.apple.com/en-us/120882

https://support.apple.com/en-us/120893

https://support.apple.com/en-us/120894

https://support.apple.com/en-us/120895

Mailing List http://seclists.org/fulldisclosure/2024/Mar/20

Mailing List http://seclists.org/fulldisclosure/2024/Mar/21

Mailing List http://seclists.org/fulldisclosure/2024/Mar/24

Mailing List http://seclists.org/fulldisclosure/2024/Mar/25

Mailing List http://www.openwall.com/lists/oss-security/2024/03/26/1

Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

Vendor Advisory https://support.apple.com/en-us/HT214081

Vendor Advisory https://support.apple.com/en-us/HT214084

Vendor Advisory https://support.apple.com/en-us/HT214086

Vendor Advisory https://support.apple.com/en-us/HT214088

Vendor Advisory https://support.apple.com/en-us/HT214089

https://support.apple.com/kb/HT214081

and 3 more references

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 16/34 · Moderate