Vulnerability Description
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipados | < 16.7.6 |
| Apple | Iphone Os | < 16.7.6 |
| Apple | Macos | >= 14.0, < 14.4 |
| Apple | Watchos | < 10.4 |
References
- https://support.apple.com/en-us/120880
- https://support.apple.com/en-us/120881
- https://support.apple.com/en-us/120893
- https://support.apple.com/en-us/120895
- http://seclists.org/fulldisclosure/2024/Mar/21Mailing List
- http://seclists.org/fulldisclosure/2024/Mar/24Mailing List
- https://support.apple.com/en-us/HT214081Vendor Advisory
- https://support.apple.com/en-us/HT214082Vendor Advisory
- https://support.apple.com/en-us/HT214084Vendor Advisory
- https://support.apple.com/en-us/HT214088Vendor Advisory
- https://support.apple.com/kb/HT214081
- https://support.apple.com/kb/HT214082
- https://support.apple.com/kb/HT214084
- https://support.apple.com/kb/HT214088
FAQ
What is CVE-2024-23289?
CVE-2024-23289 is a vulnerability with a CVSS score of 3.3 (LOW). A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical...
How severe is CVE-2024-23289?
CVE-2024-23289 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23289?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipados, Apple Iphone Os, Apple Macos, Apple Watchos.