CVE-2024-23254

CVE Database · CVE-2024-23254

CVE-2024-23254

· MEDIUMModified

CVSS v3.1

6.5

EPSS

1.25%

Published

Mar 7, 2024

Modified

Apr 2, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products (10)

apple · safari (up to 17.4)vulnerable

apple · ipad_os (up to 17.4)vulnerable

apple · iphone_os (up to 17.4)vulnerable

apple · macos (up to 14.4)vulnerable

apple · tvos (up to 17.4)vulnerable

apple · visionos (up to 1.1)vulnerable

apple · watchos (up to 10.4)vulnerable

fedoraproject · fedoravulnerable

webkitgtk · webkitgtk

References (20)

https://support.apple.com/en-us/120881

https://support.apple.com/en-us/120882

https://support.apple.com/en-us/120883

https://support.apple.com/en-us/120893

https://support.apple.com/en-us/120894

https://support.apple.com/en-us/120895

http://seclists.org/fulldisclosure/2024/Mar/20

Mailing List

http://seclists.org/fulldisclosure/2024/Mar/21

Mailing List

http://seclists.org/fulldisclosure/2024/Mar/24

Mailing List

http://seclists.org/fulldisclosure/2024/Mar/25

KEV Catalog EPSS Scores Vendors All CVEs