CVE-2024-23211
First published: Mon Jan 22 2024(Updated: )
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.
Credit: Mark Bowers Noah Roskin-Frazee Pr Ian de Marcellus Jubaer Alnazi @h33tjubaer Kirin @Pwnrin Zhongquan Li @Guluisacat an anonymous researcher Wangtaiyu Zhongfu infoJames Lee @Windowsrcer fmyy @binary_fmyy TIANGONG Team of Legendsec at QIlime TIANGONG Team of Legendsec at QIKoh M. Nakagawa FFRI Security IncClemens Lang Ye Zhang Baidu Security product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | <17.3 | 17.3 |
| Apple macOS | <14.3 | 14.3 |
| watchOS | <10.3 | 10.3 |
| Apple iOS | <17.3 | 17.3 |
| iPadOS | <17.3 | 17.3 |
| Apple iOS | <16.7.5 | 16.7.5 |
| iPadOS | <16.7.5 | 16.7.5 |
| Apple Safari | <17.3 | |
| iPadOS | >16.0<16.7.5 | |
| iPadOS | >17.0<17.3 | |
| Apple iPhone OS | >16.0<16.7.5 | |
| Apple iPhone OS | >17.0<17.3 | |
| Apple macOS | >=14.0<14.3 | |
| watchOS | <10.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214059 (Advisory)
- https://support.apple.com/en-us/HT214063 (Advisory)
- https://support.apple.com/en-us/HT214056 (Advisory)
- https://support.apple.com/en-us/HT214060 (Advisory)
- https://support.apple.com/en-us/HT214061 (Advisory)
- http://seclists.org/fulldisclosure/2024/Jan/27
- http://seclists.org/fulldisclosure/2024/Jan/33
- http://seclists.org/fulldisclosure/2024/Jan/36
- http://seclists.org/fulldisclosure/2024/Jan/34
- http://seclists.org/fulldisclosure/2024/Jan/39
- https://support.apple.com/kb/HT214063
- https://support.apple.com/kb/HT214059
- https://support.apple.com/kb/HT214056
- https://support.apple.com/en-us/120306 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-23211
- CVE-2024-23206
- CVE-2024-23213
- CVE-2024-23222
- CVE-2024-23271
- CVE-2024-23212
- CVE-2024-23218
- CVE-2024-23224
- CVE-2024-23208
- CVE-2024-23201
- CVE-2024-23209
- CVE-2024-23207
- CVE-2024-23223
- CVE-2024-27791
- CVE-2024-23203
- CVE-2024-23204
- CVE-2024-23217
- CVE-2024-23215
- CVE-2024-23210
- CVE-2024-23214
- CVE-2024-23228
- CVE-2024-23219
- CVE-2023-42937
- CVE-2023-42888
Frequently Asked Questions
What is the severity of CVE-2024-23211?
CVE-2024-23211 is classified as a privacy issue due to the handling of user preferences.
How do I fix CVE-2024-23211?
To fix CVE-2024-23211, update to the latest versions of the affected products which include watchOS 10.3, iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and Safari 17.3.
Which software versions are affected by CVE-2024-23211?
CVE-2024-23211 affects watchOS versions prior to 10.3, iOS versions before 17.3 and 16.7.5, iPadOS versions before 17.3 and 16.7.5, and macOS prior to 14.3.
What kind of issue is CVE-2024-23211 classified as?
CVE-2024-23211 is classified as a privacy issue related to visible private browsing activity.
When was CVE-2024-23211 reported?
CVE-2024-23211 was reported and acknowledged with improvements in handling user preferences released in the associated updates.
- agent/first-publish-date
- agent/type
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/software-canonical-lookup-request
- alias/CVE-2024-23223
- alias/CVE-2024-23211
- alias/CVE-2024-23204
- alias/CVE-2024-23217
- alias/CVE-2024-23215
- alias/CVE-2024-23210
- alias/CVE-2024-23206
- alias/CVE-2024-23213
- alias/CVE-2024-23271
- alias/CVE-2024-23201
- alias/CVE-2024-23207
- alias/CVE-2024-23208
- alias/CVE-2024-23218
- agent/last-modified-date
- agent/references
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-api
- source/NVD
- vendor/apple
- canonical/apple safari
- canonical/apple macos
- canonical/watchos
- canonical/apple ios
- canonical/ipados
- canonical/apple iphone os
- version/apple macos/14.0