An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/HT214083 | Vendor Advisory |
| https://support.apple.com/en-us/HT214085 | Vendor Advisory |
| https://support.apple.com/en-us/HT214084 | Vendor Advisory |
| http://seclists.org/fulldisclosure/2024/Mar/21 | Mailing List |
| http://seclists.org/fulldisclosure/2024/Mar/22 | Mailing List |
| http://seclists.org/fulldisclosure/2024/Mar/23 | Mailing List |
Configurations
Configuration 1 (hide)
|
History
14 Mar 2024, 19:05
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Apple
Apple macos |
|
| CWE | CWE-74 | |
| References | () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List | |
| References | () https://support.apple.com/en-us/HT214083 - Vendor Advisory | |
| References | () https://support.apple.com/en-us/HT214084 - Vendor Advisory | |
| References | () http://seclists.org/fulldisclosure/2024/Mar/23 - Mailing List | |
| References | () https://support.apple.com/en-us/HT214085 - Vendor Advisory | |
| References | () http://seclists.org/fulldisclosure/2024/Mar/22 - Mailing List | |
| CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
13 Mar 2024, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
13 Mar 2024, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
08 Mar 2024, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-03-08 02:15
Updated : 2024-08-01 13:47
NVD link : CVE-2024-23268
Mitre link : CVE-2024-23268
JSON object : View
Products Affected
apple
- macos
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')