CVE-2024-23280

MEDIUM

Safari < 17.4 - User Fingerprinting via Malicious Webpage

Title source: llm
STIX 2.1

Description

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.

References (23)

Core 23
Core References

Scores

CVSS v3 6.5
EPSS 0.0062
EPSS Percentile 70.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-74
Status published
Products (16)
Apple/iOS and iPadOS < 17.4
apple/ipad_os < 17.4
apple/iphone_os < 17.4
Apple/macOS < 14.4
apple/macos 14.0 - 14.4
apple/safari < 17.4
Apple/Safari < 17.4
apple/tvos < 17.4
Apple/tvOS < 17.4
apple/watchos < 10.4
... and 6 more
Published Mar 08, 2024
Tracked Since Feb 18, 2026