CVE-2024-23284

Description

A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Trends

Current EPSS score: 0.88%• Percentile: 75%

Techniques & Countermeasures

• CWE-693•Protection Mechanism Failure

  The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Affected Systems

• apple•ios and ipados

  ≥ unspecified, < 17.4 | ≥ unspecified, < 16.7 | < 16.7.6 | < 17.4

• apple•ipados

  < 16.7.6 | ≥ 17.0, < 17.4

• apple•iphone_os

  < 16.7.6 | ≥ 17.0, < 17.4

• apple•macos

  ≥ unspecified, < 14.4 | < 14.4 | ≥ 14.0, < 14.4

• apple•safari

  ≥ unspecified, < 17.4 | < 17.4

• apple•tvos

  ≥ unspecified, < 17.4 | < 17.4

• apple•visionos

  ≥ unspecified, < 1.1 | < 1.1

• apple•watchos

  ≥ unspecified, < 10.4 | < 10.4

• fedoraproject•fedora

  38 | 39 | 40

• Unknown•WebKitGTK

  < 2.44.0

• wpewebkit•wpe_webkit

  < 2.44.0

References (29)

• https://support.apple.com/en-us/HT214087
• https://support.apple.com/en-us/HT214086
• https://support.apple.com/en-us/HT214081
• https://support.apple.com/en-us/HT214082
• https://support.apple.com/en-us/HT214089
• https://support.apple.com/en-us/HT214084
• https://support.apple.com/en-us/HT214088
• http://seclists.org/fulldisclosure/2024/Mar/20
• http://seclists.org/fulldisclosure/2024/Mar/21
• http://seclists.org/fulldisclosure/2024/Mar/25
• http://seclists.org/fulldisclosure/2024/Mar/24
• http://seclists.org/fulldisclosure/2024/Mar/26
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/
• http://www.openwall.com/lists/oss-security/2024/03/26/1
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
• https://support.apple.com/kb/HT214089
• https://support.apple.com/kb/HT214087
• https://support.apple.com/kb/HT214084
• https://support.apple.com/kb/HT214082
• https://support.apple.com/kb/HT214081
• https://support.apple.com/en-us/120880
• https://support.apple.com/en-us/120881
• https://support.apple.com/en-us/120882
• https://support.apple.com/en-us/120883
• https://support.apple.com/en-us/120893
• https://support.apple.com/en-us/120894
• https://support.apple.com/en-us/120895