First published: Tue Mar 05 2024
A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled.
Credit: product-security@apple.com CVE-2024-23225 CVE-2024-23235 Xinru Chi Pangu Lab an anonymous researcher ali yabuz scj643 Kirin @Pwnrin Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative Harsh Tyagi CVE-2024-23296 CVE-2024-23220 Lyra Rebane (rebane2001) Om Kothawade Matej Rabzelj Mickey Jin @patch1t Wojciech Regula SecuRing luckyu @uuulucky K宝 Fudan University LFY @secsys Fudan University Lewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik Pwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina Guilherme Rambo Best Buddy Apps CVE-2024-23205 CVE-2022-48554 Junsung Lee Trend Micro Zero Day Initiative Amir Bazine CrowdStrike Counter Adversary Operations Karsten König CrowdStrike Counter Adversary Operations Dohyun Lee @l33d0hyun Lyutoon Mr.R CVE-2024-23291 Marc Newlin SkySafe Cristian Dinca Computer Science Romania anbu1024 SecANT
Affected Software | Affected Version | How to fix |
---|---|---|
iPadOS | <17.4 | |
Apple iPhone OS | <17.4 | |
Apple iOS | <17.4 | 17.4 |
iPadOS | <17.4 | 17.4 |
 | <17.4 | 17.4 |
 | <17.4 | 17.4 |
CVE-2024-23256 has been classified as a privacy issue impacting users who have Locked Private Browsing enabled.
To resolve CVE-2024-23256, it is recommended to update to iOS or iPadOS version 17.4.
CVE-2024-23256 may allow a user's locked tabs to be briefly visible when switching between tab groups, potentially exposing private information.
CVE-2024-23256 affects devices running iOS or iPadOS versions prior to 17.4.
Currently, there are no specific workarounds for CVE-2024-23256 other than updating to the latest version.