What is the severity of CVE-2024-23254?

CVE-2024-23254 is considered a medium severity vulnerability due to its potential to exfiltrate audio data from a malicious website.

How do I fix CVE-2024-23254?

To fix CVE-2024-23254, update your Apple devices to tvOS 17.4, macOS Sonoma 14.4, iOS 17.4, iPadOS 17.4, watchOS 10.4, visionOS 1.1, or Safari 17.4.

Which software versions are affected by CVE-2024-23254?

CVE-2024-23254 affects multiple versions including earlier versions of Safari, macOS, iOS, watchOS, tvOS, and webkit2gtk prior to their respective fixed versions.

What kind of data can be exfiltrated due to CVE-2024-23254?

CVE-2024-23254 allows a malicious website to exfiltrate audio data across origins.

Is CVE-2024-23254 a critical vulnerability?

CVE-2024-23254 is not classified as critical but poses significant risks due to the potential data exfiltration capabilities.

Vulnerability/
CVE-2024-23254

medium

6.5

CWE

119 362 20

5/3/2024

8/3/2024

5/2/2025

CVE-2024-23254: Buffer Overflow

First published: Tue Mar 05 2024(Updated: )

Accessibility. A privacy issue was addressed with improved private data redaction for log entries.

Credit: product-security@apple.com Pwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) an anonymous researcher Georg Felber Marco Squarcina CVE-2024-23235 Xinru Chi Pangu LabCVE-2024-23225 koocola ali yabuz Kirin @Pwnrin Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative @08Tc3wBB JamfCVE-2024-23283 Mickey Jin @patch1t CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Pedro Tôrres @t0rr3sp3dr0 Bohdan Stasiuk @Bohdan_Stasiuk Harsh Tyagi Wojciech Regula SecuRingCVE-2024-23296 Lyra Rebane (rebane2001) Matej Rabzelj CVE-2024-23238 Yiğit Can YILMAZ @yilmazcanyigit luckyu @uuulucky K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Joshua Jewett @JoshJewett33 Matthew Loewen Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik m4yfly with TianGong Team Legendsec at Qi'anxin GroupGuilherme Rambo Best Buddy AppsCsaba Fitzl @theevilbit OffSecCVE-2024-23205 CVE-2022-48554 Junsung Lee Trend Micro Zero Day InitiativeZhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike Marc Newlin SkySafePatrick Reardon CVE-2024-23220 Stephan Casas Brian McNulty CVE-2024-23291 scj643 Om Kothawade Cristian Dinca Computer ScienceRomania anbu1024 SecANT

Affected Software	Affected Version	How to fix
ubuntu/webkit2gtk	<2.44.0-0ubuntu0.22.04.1	2.44.0-0ubuntu0.22.04.1
ubuntu/webkit2gtk	<2.44.0-0ubuntu0.23.10.1	2.44.0-0ubuntu0.23.10.1
ubuntu/webkit2gtk	<2.44.0	2.44.0
debian/webkit2gtk	<=2.36.4-1~deb10u1<=2.38.6-0+deb10u1<=2.42.2-1~deb11u1<=2.42.2-1~deb12u1	2.44.1-1~deb11u1 2.44.1-1~deb12u1 2.44.1-1
debian/wpewebkit	<=2.38.6-1~deb11u1<=2.38.6-1	2.44.1-1
Apple macOS	<14.4	14.4
tvOS	<17.4	17.4
	<14.4	14.4
Apple Mobile Safari	<17.4	17.4
Apple iOS, iPadOS, and watchOS	<10.4	10.4
Apple iOS, iPadOS, and watchOS	<17.4	17.4
Apple iOS, iPadOS, and watchOS	<17.4	17.4
visionOS	<1.1	1.1
Apple Mobile Safari	<17.4
iPadOS	<17.4
iStyle @cosme iPhone OS	<17.4
Apple iOS and macOS	<14.4
tvOS	<17.4
visionOS	<1.1
Apple iOS, iPadOS, and watchOS	<10.4
Fedora	=40
Oracle Webkitgtk4-jsc	<2.44.0
WPE WebKit	<2.44.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-23291
CVE-2024-23276
CVE-2024-23227
CVE-2024-27886
CVE-2024-23233
CVE-2024-23269
CVE-2024-23288
CVE-2024-23277
CVE-2024-23247
CVE-2024-23248
CVE-2024-23249
CVE-2024-23250
CVE-2024-23299
CVE-2024-23244
CVE-2024-23205
CVE-2022-48554
CVE-2024-23229
CVE-2024-27789
CVE-2024-23253
CVE-2024-23270
CVE-2024-23257
CVE-2024-23258
CVE-2024-23286
CVE-2024-23234
CVE-2024-23266
CVE-2024-23235
CVE-2024-23265
CVE-2024-23225
CVE-2024-27853
CVE-2024-23278
CVE-2024-0258
CVE-2024-23279
CVE-2024-23287
CVE-2024-23264
CVE-2024-23285
CVE-2024-27809
CVE-2024-23283
CVE-2024-27887
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
CVE-2022-42816
CVE-2024-23216
CVE-2024-23267
CVE-2024-23268
CVE-2024-23274
CVE-2023-42853
CVE-2024-23275
CVE-2024-27888
CVE-2024-23255
CVE-2024-23294
CVE-2024-23296
CVE-2024-23259
CVE-2024-23273
CVE-2024-23238
CVE-2024-23239
CVE-2024-23290
CVE-2024-23232
CVE-2024-23231
CVE-2024-23230
CVE-2024-23245
CVE-2024-23292
CVE-2024-23289
CVE-2024-23293
CVE-2024-23241
CVE-2024-23272
CVE-2024-23242
CVE-2024-23281
CVE-2024-27792
CVE-2024-23261
CVE-2024-23260
CVE-2024-23246
CVE-2024-23226
CVE-2024-23254
CVE-2024-23263
CVE-2024-23280
CVE-2024-23284
CVE-2024-23297
CVE-2024-54658
CVE-2024-27859
CVE-2024-23243
CVE-2024-23262
CVE-2024-23240
CVE-2024-23220
CVE-2024-23256
CVE-2024-23295

Frequently Asked Questions

What is the severity of CVE-2024-23254?
CVE-2024-23254 is considered a medium severity vulnerability due to its potential to exfiltrate audio data from a malicious website.
How do I fix CVE-2024-23254?
To fix CVE-2024-23254, update your Apple devices to tvOS 17.4, macOS Sonoma 14.4, iOS 17.4, iPadOS 17.4, watchOS 10.4, visionOS 1.1, or Safari 17.4.
Which software versions are affected by CVE-2024-23254?
CVE-2024-23254 affects multiple versions including earlier versions of Safari, macOS, iOS, watchOS, tvOS, and webkit2gtk prior to their respective fixed versions.
What kind of data can be exfiltrated due to CVE-2024-23254?
CVE-2024-23254 allows a malicious website to exfiltrate audio data across origins.
Is CVE-2024-23254 a critical vulnerability?
CVE-2024-23254 is not classified as critical but poses significant risks due to the potential data exfiltration capabilities.

agent/type
agent/first-publish-date
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
collector/launchpad-cve
source/Launchpad
collector/nvd-cve
source/NVD
collector/security-tracker-debian
source/Debian
collector/mitre-cve
source/MITRE
agent/severity
agent/trending
agent/source
collector/apple-support
source/Apple
agent/software-canonical-lookup-request
agent/weakness
agent/references
agent/description
agent/author
agent/last-modified-date
alias/CVE-2024-23230
alias/CVE-2024-23245
alias/CVE-2024-23292
alias/CVE-2024-23289
alias/CVE-2024-23293
alias/CVE-2024-23241
alias/CVE-2024-23272
alias/CVE-2024-23242
alias/CVE-2024-23281
alias/CVE-2024-27792
alias/CVE-2024-23261
alias/CVE-2024-23260
alias/CVE-2024-23246
alias/CVE-2024-54658
alias/CVE-2024-23226
alias/CVE-2024-27859
alias/CVE-2024-23254
alias/CVE-2024-23263
alias/CVE-2024-23280
alias/CVE-2024-23284
alias/CVE-2024-23239
alias/CVE-2024-23290
alias/CVE-2024-23232
alias/CVE-2024-23231
alias/CVE-2024-23273
alias/CVE-2024-23238
alias/CVE-2024-27853
alias/CVE-2024-23278
alias/CVE-2024-0258
alias/CVE-2024-23279
alias/CVE-2024-23287
alias/CVE-2024-23264
alias/CVE-2024-23285
alias/CVE-2024-27809
alias/CVE-2024-23283
alias/CVE-2024-27887
alias/CVE-2023-48795
alias/CVE-2023-51384
alias/CVE-2023-51385
alias/CVE-2022-42816
alias/CVE-2024-23216
alias/CVE-2024-23267
alias/CVE-2024-23268
alias/CVE-2024-23274
alias/CVE-2023-42853
alias/CVE-2024-23275
alias/CVE-2024-27888
alias/CVE-2024-23255
alias/CVE-2024-23294
alias/CVE-2024-23296
alias/CVE-2024-23259
alias/CVE-2024-23257
alias/CVE-2024-23258
alias/CVE-2024-23286
alias/CVE-2024-23234
alias/CVE-2024-23266
alias/CVE-2024-23235
alias/CVE-2024-23265
alias/CVE-2024-23225
alias/CVE-2024-23248
alias/CVE-2024-23249
alias/CVE-2024-23250
alias/CVE-2024-23299
alias/CVE-2024-23244
alias/CVE-2024-23205
alias/CVE-2022-48554
alias/CVE-2024-23229
alias/CVE-2024-27789
alias/CVE-2024-23253
alias/CVE-2024-23270
alias/CVE-2024-23277
alias/CVE-2024-23247
alias/CVE-2024-23288
alias/CVE-2024-23227
alias/CVE-2024-27886
alias/CVE-2024-23233
alias/CVE-2024-23269
alias/CVE-2024-23276
alias/CVE-2024-23297
alias/CVE-2024-23240
alias/CVE-2024-23220
alias/CVE-2024-23256
alias/CVE-2024-23291
alias/CVE-2024-23262
alias/CVE-2024-23295
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
package-manager/ubuntu
package-manager/debian
vendor/apple
canonical/apple macos
canonical/tvos
canonical/apple mobile safari
canonical/apple ios, ipados, and watchos
canonical/visionos
canonical/ipados
canonical/istyle @cosme iphone os
canonical/apple ios and macos
vendor/fedoraproject
canonical/fedora
version/fedora/40
vendor/webkitgtk
canonical/oracle webkitgtk4-jsc
vendor/wpewebkit
canonical/wpe webkit