CVE-2024-23206

MEDIUM

Safari < 17.3 - User Fingerprinting via Malicious Webpage

Title source: llm
STIX 2.1

Description

An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user.

References (27)

Core 27
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214055
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214056
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214059
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214060
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214061
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214063

Scores

CVSS v3 6.5
EPSS 0.0048
EPSS Percentile 65.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (12)
Apple/iOS and iPadOS < 16.7.5
Apple/iOS and iPadOS < 17.3
apple/ipados 16.0 - 16.7.5
apple/iphone_os 16.0 - 16.7.5
apple/macos < 14.3
Apple/macOS < 14.3
apple/safari < 17.3
Apple/Safari < 17.3
apple/tvos < 17.3
Apple/tvOS < 17.3
... and 2 more
Published Jan 23, 2024
Tracked Since Feb 18, 2026