CVE-2024-23298

MEDIUM

Xcode < 15.3 - Gatekeeper Bypass via Logic Issue

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-23298. PoCs published by p1tsi.

AI-analyzed exploit summary: The repository contains only a minimal README with no exploit code or technical details. It instructs users to open Xcode 15.2 and clone the project, but no further information is provided.

Description

A logic issue was addressed with improved state management. This issue is fixed in Xcode 15.3. An app may bypass Gatekeeper checks.

Exploits (1)

nomisec STUB 1 stars
by p1tsi · poc
https://github.com/p1tsi/CVE-2024-23298.app


Classification: Stub 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: unknown (likely Xcode 15.2 or related software)
No auth needed
Prerequisites: Xcode 15.2
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 5.5
EPSS 0.0053
EPSS Percentile 40.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (2)
apple/xcode < 15.3
Apple/Xcode < 15.3
Published Mar 15, 2024
Tracked Since Feb 18, 2026