CVE-2024-23215
First published: Mon Jan 22 2024(Updated: )
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data.
Credit: Zhongquan Li @Guluisacat Noah Roskin-Frazee Pr Ian de Marcellus Mark Bowers Jubaer Alnazi @h33tjubaer Kirin @Pwnrin an anonymous researcher Wangtaiyu Zhongfu infoJames Lee @Windowsrcer fmyy @binary_fmyy TIANGONG Team of Legendsec at QIlime TIANGONG Team of Legendsec at QIKoh M. Nakagawa FFRI Security IncClemens Lang Ye Zhang Baidu Security product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <14.3 | 14.3 |
| watchOS | <10.3 | 10.3 |
| tvOS | <17.3 | 17.3 |
| Apple iOS | <17.3 | 17.3 |
| iPadOS | <17.3 | 17.3 |
| iPadOS | <17.3 | |
| Apple iPhone OS | <17.3 | |
| Apple macOS | >=14.0<14.3 | |
| tvOS | <17.3 | |
| watchOS | <10.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214059 (Advisory)
- https://support.apple.com/en-us/HT214055 (Advisory)
- https://support.apple.com/en-us/HT214060 (Advisory)
- https://support.apple.com/en-us/HT214061 (Advisory)
- http://seclists.org/fulldisclosure/2024/Jan/33
- http://seclists.org/fulldisclosure/2024/Jan/36
- http://seclists.org/fulldisclosure/2024/Jan/39
- http://seclists.org/fulldisclosure/2024/Jan/40
- https://support.apple.com/kb/HT214059
- https://support.apple.com/en-us/120306 (Advisory)
- https://support.apple.com/kb/HT214055
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-23212
- CVE-2024-23218
- CVE-2024-23224
- CVE-2024-23208
- CVE-2024-23201
- CVE-2024-23209
- CVE-2024-23207
- CVE-2024-23223
- CVE-2024-27791
- CVE-2024-23211
- CVE-2024-23203
- CVE-2024-23204
- CVE-2024-23217
- CVE-2024-23215
- CVE-2024-23210
- CVE-2024-23206
- CVE-2024-23213
- CVE-2024-23214
- CVE-2024-23222
- CVE-2024-23271
- CVE-2024-23228
- CVE-2024-23219
Frequently Asked Questions
What is the severity of CVE-2024-23215?
The severity of CVE-2024-23215 is high due to the potential access to user-sensitive data.
How do I fix CVE-2024-23215?
To fix CVE-2024-23215, update your device to macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 or iPadOS 17.3.
What versions of software are affected by CVE-2024-23215?
CVE-2024-23215 affects Apple macOS versions prior to 14.3, and Apple iOS, iPadOS, watchOS, and tvOS versions prior to their respective 17.3 or 10.3 releases.
Is any user action required for CVE-2024-23215?
Yes, users must update their devices to the fixed versions to mitigate the vulnerability associated with CVE-2024-23215.
Can CVE-2024-23215 allow unauthorized data access?
Yes, CVE-2024-23215 may allow unauthorized apps to access user-sensitive data.
- agent/first-publish-date
- agent/type
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/trending
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/source
- alias/CVE-2024-23223
- alias/CVE-2024-23211
- alias/CVE-2024-23204
- alias/CVE-2024-23217
- alias/CVE-2024-23215
- alias/CVE-2024-23210
- alias/CVE-2024-23206
- alias/CVE-2024-23213
- alias/CVE-2024-23271
- alias/CVE-2024-23201
- alias/CVE-2024-23207
- alias/CVE-2024-23208
- alias/CVE-2024-23218
- agent/last-modified-date
- agent/references
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-api
- source/NVD
- vendor/apple
- canonical/apple macos
- canonical/watchos
- canonical/tvos
- canonical/apple ios
- canonical/ipados
- canonical/apple iphone os
- version/apple macos/14.0