CVE-2024-23204

7.5 HIGH

Published: January 23, 2024 Modified: November 04, 2025

Description

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jan/33

Source: product-security@apple.com

Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jan/36

Source: product-security@apple.com

Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jan/39

Source: product-security@apple.com

Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/22

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Mar/23

Source: product-security@apple.com

https://support.apple.com/en-us/HT214059

Source: product-security@apple.com

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT214060

Source: product-security@apple.com

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT214061

Source: product-security@apple.com

Release Notes Vendor Advisory

https://support.apple.com/kb/HT214082

Source: product-security@apple.com

https://support.apple.com/kb/HT214083

Source: product-security@apple.com

https://support.apple.com/kb/HT214085

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Jan/33