A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Apple
  • Ipad Os
  • Ipados
  • Iphone Os
  • Macos
  • Safari
  • Tvos
  • Visionos
  • Watchos
Fedoraproject
  • Fedora
Webkitgtk
  • Webkitgtk
Wpewebkit
  • Wpe Webkit

Configuration 1 [-]

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

No data.

References
Link Providers
http://seclists.org/fulldisclosure/2024/Mar/20 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/21 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/24 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/25 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/26 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2024/03/26/1 cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-23263 cve-icon
https://seclists.org/fulldisclosure/2024/Mar/21 cve-icon
https://support.apple.com/en-us/HT214081 cve-icon cve-icon
https://support.apple.com/en-us/HT214082 cve-icon cve-icon
https://support.apple.com/en-us/HT214084 cve-icon cve-icon
https://support.apple.com/en-us/HT214086 cve-icon cve-icon
https://support.apple.com/en-us/HT214087 cve-icon cve-icon
https://support.apple.com/en-us/HT214088 cve-icon cve-icon
https://support.apple.com/en-us/HT214089 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-23263 cve-icon
History

Thu, 13 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipad Os
CPEs cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*
Vendors & Products Apple ipad Os
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

Mon, 09 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple tvos
Apple visionos
Apple watchos
Fedoraproject
Fedoraproject fedora
Webkitgtk
Webkitgtk webkitgtk
Wpewebkit
Wpewebkit wpe Webkit
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple tvos
Apple visionos
Apple watchos
Fedoraproject
Fedoraproject fedora
Webkitgtk
Webkitgtk webkitgtk
Wpewebkit
Wpewebkit wpe Webkit
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-03-08T01:36:19.295Z

Updated: 2025-02-13T17:39:16.216Z

Reserved: 2024-01-12T22:22:21.490Z

Link: CVE-2024-23263

cve-icon Vulnrichment

Updated: 2024-08-01T22:59:32.071Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-08T02:15:48.980

Modified: 2024-12-09T14:55:47.257

Link: CVE-2024-23263

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-03-07T00:00:00Z

Links: CVE-2024-23263 - Bugzilla