What is the severity of CVE-2024-23230?

The severity of CVE-2024-23230 is classified as a medium risk due to potential unauthorized access to sensitive user data.

How do I fix CVE-2024-23230?

To fix CVE-2024-23230, upgrade to macOS Sonoma 14.4, macOS Monterey 12.7.4, or macOS Ventura 13.6.5.

Which versions of macOS are affected by CVE-2024-23230?

CVE-2024-23230 affects macOS versions prior to 12.7.4, 13.6.5, and 14.4.

What type of attack does CVE-2024-23230 enable?

CVE-2024-23230 could potentially allow apps to access sensitive user data without permission.

Is a patch available for CVE-2024-23230?

Yes, a patch for CVE-2024-23230 is included in the latest updates for affected macOS versions.

Vulnerability/
CVE-2024-23230

medium

5.5

CWE

862 119 20 362

7/3/2024

8/3/2024

5/12/2024

CVE-2024-23230: Buffer Overflow

First published: Thu Mar 07 2024(Updated: )

Accessibility. A privacy issue was addressed with improved private data redaction for log entries.

Credit: Mickey Jin @patch1t product-security@apple.com m4yfly with TianGong Team Legendsec at Qi'anxin GroupClemens Lang an anonymous researcher Csaba Fitzl @theevilbit OffSecJunsung Lee Trend Micro Zero Day InitiativeAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike Pedro Tôrres @t0rr3sp3dr0 Xinru Chi Pangu LabCVE-2024-23225 Koh M. Nakagawa FFRI Security IncMeng Zhang (鲸落) NorthSeaMeysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeCVE-2024-23283 Bohdan Stasiuk @Bohdan_Stasiuk Jubaer Alnazi @h33tjubaer Csaba Fitzl @theevilbit Offensive SecurityJoshua Jewett @JoshJewett33 Kirin @Pwnrin Brian McNulty CVE-2024-23235 koocola ali yabuz @08Tc3wBB JamfCVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Harsh Tyagi Wojciech Regula SecuRingCVE-2024-23296 Lyra Rebane (rebane2001) Matej Rabzelj CVE-2024-23238 Yiğit Can YILMAZ @yilmazcanyigit luckyu @uuulucky K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Matthew Loewen Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik Pwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina Guilherme Rambo Best Buddy AppsCVE-2024-23205 CVE-2022-48554 Zhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsMarc Newlin SkySafeStephan Casas CVE-2024-23291

Affected Software	Affected Version	How to fix
Apple macOS Monterey	<12.7.4	12.7.4
Apple macOS	>=12.0<12.7.4
Apple macOS	>=13.0<13.6.5
Apple macOS	>=14.0<14.4
Apple macOS	<14.4	14.4
Apple macOS	<13.6.5	13.6.5
	<12.7.4	12.7.4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-23276
CVE-2024-23227
CVE-2024-23269
CVE-2024-23247
CVE-2024-23218
CVE-2024-23299
CVE-2024-23244
CVE-2024-23270
CVE-2024-23286
CVE-2024-23257
CVE-2024-23234
CVE-2024-23266
CVE-2024-23265
CVE-2024-23225
CVE-2024-23201
CVE-2023-28826
CVE-2024-23264
CVE-2024-23283
CVE-2024-23274
CVE-2024-23268
CVE-2024-23275
CVE-2024-23267
CVE-2024-23216
CVE-2024-23230
CVE-2024-23204
CVE-2024-23245
CVE-2024-23272
CVE-2023-40389
CVE-2024-23291
CVE-2024-27886
CVE-2024-23233
CVE-2024-23288
CVE-2024-23277
CVE-2024-23248
CVE-2024-23249
CVE-2024-23250
CVE-2024-23205
CVE-2022-48554
CVE-2024-23229
CVE-2024-27789
CVE-2024-23253
CVE-2024-23258
CVE-2024-23235
CVE-2024-27853
CVE-2024-23278
CVE-2024-0258
CVE-2024-23279
CVE-2024-23287
CVE-2024-23285
CVE-2024-27809
CVE-2024-27887
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
CVE-2022-42816
CVE-2023-42853
CVE-2024-27888
CVE-2024-23255
CVE-2024-23294
CVE-2024-23296
CVE-2024-23259
CVE-2024-23273
CVE-2024-23238
CVE-2024-23239
CVE-2024-23290
CVE-2024-23232
CVE-2024-23231
CVE-2024-23292
CVE-2024-23289
CVE-2024-23293
CVE-2024-23241
CVE-2024-23242
CVE-2024-23281
CVE-2024-27792
CVE-2024-23261
CVE-2024-23260
CVE-2024-23246
CVE-2024-23226
CVE-2024-23254
CVE-2024-23263
CVE-2024-23280
CVE-2024-23284
CVE-2024-23203
CVE-2024-23217

Frequently Asked Questions

What is the severity of CVE-2024-23230?
The severity of CVE-2024-23230 is classified as a medium risk due to potential unauthorized access to sensitive user data.
How do I fix CVE-2024-23230?
To fix CVE-2024-23230, upgrade to macOS Sonoma 14.4, macOS Monterey 12.7.4, or macOS Ventura 13.6.5.
Which versions of macOS are affected by CVE-2024-23230?
CVE-2024-23230 affects macOS versions prior to 12.7.4, 13.6.5, and 14.4.
What type of attack does CVE-2024-23230 enable?
CVE-2024-23230 could potentially allow apps to access sensitive user data without permission.
Is a patch available for CVE-2024-23230?
Yes, a patch for CVE-2024-23230 is included in the latest updates for affected macOS versions.

agent/first-publish-date
agent/description
agent/type
collector/apple-support
source/Apple
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/trending
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
agent/source
agent/tags
alias/CVE-2024-23218
alias/CVE-2024-23299
alias/CVE-2024-23244
alias/CVE-2024-23270
alias/CVE-2024-23286
alias/CVE-2024-23257
alias/CVE-2024-23234
alias/CVE-2024-23266
alias/CVE-2024-23265
alias/CVE-2024-23225
alias/CVE-2024-23201
alias/CVE-2023-28826
alias/CVE-2024-23264
alias/CVE-2024-23283
alias/CVE-2024-23274
alias/CVE-2024-23268
alias/CVE-2024-23275
alias/CVE-2024-23267
alias/CVE-2024-23216
alias/CVE-2024-23230
alias/CVE-2024-23204
alias/CVE-2024-23245
alias/CVE-2024-23272
alias/CVE-2023-40389
alias/CVE-2024-23227
alias/CVE-2024-23269
alias/CVE-2024-23247
alias/CVE-2024-27853
alias/CVE-2024-23278
alias/CVE-2024-0258
alias/CVE-2024-23279
alias/CVE-2024-23287
alias/CVE-2024-23285
alias/CVE-2024-27809
alias/CVE-2024-27887
alias/CVE-2023-48795
alias/CVE-2023-51384
alias/CVE-2023-51385
alias/CVE-2022-42816
alias/CVE-2023-42853
alias/CVE-2024-27888
alias/CVE-2024-23255
alias/CVE-2024-23294
alias/CVE-2024-23296
alias/CVE-2024-23259
alias/CVE-2024-23273
alias/CVE-2024-23238
alias/CVE-2024-23239
alias/CVE-2024-23290
alias/CVE-2024-23232
alias/CVE-2024-23231
alias/CVE-2024-23292
alias/CVE-2024-23289
alias/CVE-2024-23293
alias/CVE-2024-23241
alias/CVE-2024-23242
alias/CVE-2024-23281
alias/CVE-2024-27792
alias/CVE-2024-23261
alias/CVE-2024-23260
alias/CVE-2024-23246
alias/CVE-2024-23226
alias/CVE-2024-23254
alias/CVE-2024-23263
alias/CVE-2024-23280
alias/CVE-2024-23284
alias/CVE-2024-23249
alias/CVE-2024-23250
alias/CVE-2024-23205
alias/CVE-2022-48554
alias/CVE-2024-23229
alias/CVE-2024-27789
alias/CVE-2024-23253
alias/CVE-2024-23258
alias/CVE-2024-23235
alias/CVE-2024-23203
alias/CVE-2024-23217
alias/CVE-2024-23288
alias/CVE-2024-23277
alias/CVE-2024-23248
alias/CVE-2024-23233
alias/CVE-2024-27886
alias/CVE-2024-23276
agent/event
agent/weakness
agent/references
agent/author
agent/softwarecombine
vendor/apple
canonical/apple macos monterey
canonical/apple macos
version/apple macos/12.0
version/apple macos/13.0
version/apple macos/14.0