CVE-2024-23271
Advisory lineage Upstream: 0 Downstream: 10
Modified
Published: 24 Apr 2024, 16:43
Last modified: 02 Apr 2026, 18:15
Vulnerability Summary
Overall Risk (default)
medium
29/100
CVSS Score
7.3 HIGH
v3.1 (cve.org)
EPSS Score
0.08% LOW
0% probability +0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
24 Apr 2024, 16:43
Published
Vulnerability first disclosed
02 Apr 2026, 18:15
Last Modified
Vulnerability information updated
Description
A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.
CVSS Metrics
- v3.1•HIGH•Score: 7.3•CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- v3.1•MEDIUM•Score: 6.5•CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Trends
Current EPSS score: 0.08%• Percentile: 25%
Techniques & Countermeasures
- CWE-284•Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Affected Systems
- apple•ios and ipados
≥ unspecified, < 17.3 | < 17.3
- apple•ipados
< 17.3
- apple•iphone_os
< 17.3
- apple•macos
≥ unspecified, < 14.3 | < 14.3 | ≥ 14.0, < 14.3
- apple•safari
≥ unspecified, < 17.3 | < 17.3
- apple•tvos
≥ unspecified, < 17.3 | < 17.3
- apple•watchos
≥ unspecified, < 10.3 | < 10.3
References (15)
- https://support.apple.com/en-us/HT214059
- https://support.apple.com/en-us/HT214055
- https://support.apple.com/en-us/HT214056
- https://support.apple.com/en-us/HT214060
- https://support.apple.com/en-us/HT214061
- https://support.apple.com/kb/HT214060
- https://support.apple.com/kb/HT214059
- https://support.apple.com/kb/HT214061
- https://support.apple.com/kb/HT214055
- https://support.apple.com/kb/HT214056
- https://support.apple.com/en-us/120304
- https://support.apple.com/en-us/120306
- https://support.apple.com/en-us/120309
- https://support.apple.com/en-us/120311
- https://support.apple.com/en-us/120339