CVE-2024-23256: Buffer Overflow
First published: Tue Mar 05 2024(Updated: )
A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled.
Credit: product-security@apple.com CVE-2024-23225 CVE-2024-23235 Xinru Chi Pangu Laban anonymous researcher ali yabuz scj643 Kirin @Pwnrin Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeHarsh Tyagi CVE-2024-23296 CVE-2024-23220 Lyra Rebane (rebane2001) Om Kothawade Matej Rabzelj Mickey Jin @patch1t Wojciech Regula SecuRingluckyu @uuulucky K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik Pwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina Guilherme Rambo Best Buddy AppsCVE-2024-23205 CVE-2022-48554 Junsung Lee Trend Micro Zero Day InitiativeAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R CVE-2024-23291 Marc Newlin SkySafeCristian Dinca Computer ScienceRomania anbu1024 SecANT
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iPadOS | <17.4 | |
| Apple iPhone OS | <17.4 | |
| Apple iOS | <17.4 | 17.4 |
| iPadOS | <17.4 | 17.4 |
| <17.4 | 17.4 | |
| <17.4 | 17.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-23225
- CVE-2024-23296
- CVE-2024-23243
- CVE-2024-23262
- CVE-2024-23291
- CVE-2024-23288
- CVE-2024-23277
- CVE-2024-23250
- CVE-2024-23205
- CVE-2022-48554
- CVE-2024-23270
- CVE-2024-23286
- CVE-2024-23235
- CVE-2024-23265
- CVE-2024-23278
- CVE-2024-0258
- CVE-2024-23297
- CVE-2024-23287
- CVE-2024-23264
- CVE-2024-23240
- CVE-2024-23255
- CVE-2024-23220
- CVE-2024-23259
- CVE-2024-23256
- CVE-2024-23273
- CVE-2024-23239
- CVE-2024-23290
- CVE-2024-23231
- CVE-2024-23292
- CVE-2024-23289
- CVE-2024-23293
- CVE-2024-23241
- CVE-2024-23242
- CVE-2024-23246
- CVE-2024-23226
- CVE-2024-23254
- CVE-2024-23263
- CVE-2024-23280
- CVE-2024-23284
- CVE-2024-54658
- CVE-2024-27859
Frequently Asked Questions
What is the severity of CVE-2024-23256?
CVE-2024-23256 has been classified as a privacy issue impacting users who have Locked Private Browsing enabled.
How do I fix CVE-2024-23256?
To resolve CVE-2024-23256, it is recommended to update to iOS or iPadOS version 17.4.
What impact does CVE-2024-23256 have on user privacy?
CVE-2024-23256 may allow a user's locked tabs to be briefly visible when switching between tab groups, potentially exposing private information.
Which devices are affected by CVE-2024-23256?
CVE-2024-23256 affects devices running iOS or iPadOS versions prior to 17.4.
Is there a workaround for CVE-2024-23256 until I update?
Currently, there are no specific workarounds for CVE-2024-23256 other than updating to the latest version.
- agent/first-publish-date
- agent/type
- collector/the-register
- source/The Register
- alias/CVE-2024-23225
- alias/CVE-2024-23296
- alias/CVE-2024-23243
- alias/CVE-2024-23256
- zeroday/true
- agent/news-ai
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/trending
- agent/source
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/apple-support
- source/Apple
- alias/CVE-2024-23235
- alias/CVE-2024-23265
- alias/CVE-2024-23278
- alias/CVE-2024-0258
- alias/CVE-2024-23297
- alias/CVE-2024-23287
- alias/CVE-2024-23264
- alias/CVE-2024-23240
- alias/CVE-2024-23255
- alias/CVE-2024-23220
- alias/CVE-2024-23259
- alias/CVE-2024-23273
- alias/CVE-2024-23239
- alias/CVE-2024-23290
- alias/CVE-2024-23231
- alias/CVE-2024-23292
- alias/CVE-2024-23289
- alias/CVE-2024-23293
- alias/CVE-2024-23241
- alias/CVE-2024-23242
- alias/CVE-2024-23246
- alias/CVE-2024-23226
- alias/CVE-2024-23254
- alias/CVE-2024-23263
- alias/CVE-2024-23280
- alias/CVE-2024-23284
- alias/CVE-2024-23205
- alias/CVE-2022-48554
- alias/CVE-2024-23270
- alias/CVE-2024-23286
- alias/CVE-2024-23291
- alias/CVE-2024-23288
- alias/CVE-2024-23277
- alias/CVE-2024-23250
- alias/CVE-2024-23262
- agent/softwarecombine
- agent/tags
- alias/CVE-2024-54658
- alias/CVE-2024-27859
- vendor/apple
- canonical/ipados
- canonical/apple iphone os
- canonical/apple ios