CVE-2024-23261: Input Validation
First published: Thu Mar 07 2024(Updated: )
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user.
Credit: Matthew Loewen product-security@apple.com Minghao Lin Baidu Security Baidu SecurityYe Zhang @VAR10CK Baidu SecurityMickey Jin @patch1t Michael DePlante @izobashi Trend Micro Zero Day InitiativeD4m0n Amir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsCVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 an anonymous researcher w0wbox CVE-2023-6277 CVE-2023-52356 Yisumi Junsung Lee Trend Micro Zero Day InitiativeGandalf4a sqrtpwn Minghao Lin Zhejiang UniversityJiaxun Zhu Zhejiang UniversityPatrick Wardle DoubleYouAdam M. CVE-2024-6387 Zhongquan Li @Guluisacat Dawn Security Lab of JingDongCsaba Fitzl @theevilbit KandjiClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosYadhu Krishna M Cyber Security At Suma Soft PvtNarendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtPune (India) Kirin @Pwnrin Joshua Jones Marcio Almeida Tanto SecurityBistrit Dahal Srijan Poudel Jiahui Hu (梅零落) NorthSeaMeng Zhang (鲸落) NorthSeaAbhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaCVE-2024-23296 luckyu @uuulucky K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy CVE-2024-23241 CVE-2024-23242 Joshua Jewett @JoshJewett33 Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik anbu1024 SecANTPwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina CVE-2024-23238 Wojciech Regula SecuRingYiğit Can YILMAZ @yilmazcanyigit Lyra Rebane (rebane2001) Matej Rabzelj CVE-2024-23225 koocola ali yabuz Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative @08Tc3wBB JamfCVE-2024-23283 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Pedro Tôrres @t0rr3sp3dr0 Bohdan Stasiuk @Bohdan_Stasiuk Harsh Tyagi Zhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike CVE-2024-23235 Xinru Chi Pangu Labm4yfly with TianGong Team Legendsec at Qi'anxin GroupGuilherme Rambo Best Buddy AppsCsaba Fitzl @theevilbit OffSecCVE-2024-23205 CVE-2022-48554 Marc Newlin SkySafeBrian McNulty Stephan Casas CVE-2024-23291
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Monterey | <12.7.6 | 12.7.6 |
| Apple macOS | <12.7.6 | |
| Apple macOS | >=13.0<13.6.8 | |
| Apple macOS | >=14.0<14.4 | |
| Apple macOS | <14.4 | 14.4 |
| Apple macOS | <13.6.8 | 13.6.8 |
| <14.4 | 14.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214118 (Advisory)
- https://support.apple.com/en-us/HT214120 (Advisory)
- https://support.apple.com/en-us/HT214084 (Advisory)
- https://support.apple.com/kb/HT214084
- http://seclists.org/fulldisclosure/2024/Jul/20
- http://seclists.org/fulldisclosure/2024/Jul/19
- https://support.apple.com/en-us/120910 (Advisory)
- https://support.apple.com/en-us/120912 (Advisory)
- https://support.apple.com/en-us/120895 (Advisory)
- https://support.apple.com/kb/HT214118
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-40783
- CVE-2024-27826
- CVE-2024-40775
- CVE-2024-40774
- CVE-2024-27877
- CVE-2024-40799
- CVE-2024-27873
- CVE-2024-2004
- CVE-2024-2379
- CVE-2024-2398
- CVE-2024-2466
- CVE-2024-40827
- CVE-2024-40828
- CVE-2023-6277
- CVE-2023-52356
- CVE-2024-40806
- CVE-2024-40816
- CVE-2024-40788
- CVE-2024-40803
- CVE-2024-40796
- CVE-2024-6387
- CVE-2024-40781
- CVE-2024-40802
- CVE-2024-40823
- CVE-2024-27882
- CVE-2024-27883
- CVE-2024-40800
- CVE-2024-23296
- CVE-2024-40817
- CVE-2024-27881
- CVE-2024-40821
- CVE-2024-40798
- CVE-2024-40833
- CVE-2024-40835
- CVE-2024-40807
- CVE-2024-40834
- CVE-2024-40787
- CVE-2024-40793
- CVE-2024-40809
- CVE-2024-40812
- CVE-2024-23261
- CVE-2024-23291
- CVE-2024-23276
- CVE-2024-23227
- CVE-2024-27886
- CVE-2024-23233
- CVE-2024-23269
- CVE-2024-23288
- CVE-2024-23277
- CVE-2024-23247
- CVE-2024-23248
- CVE-2024-23249
- CVE-2024-23250
- CVE-2024-23299
- CVE-2024-23244
- CVE-2024-23205
- CVE-2022-48554
- CVE-2024-23229
- CVE-2024-27789
- CVE-2024-23253
- CVE-2024-23270
- CVE-2024-23257
- CVE-2024-23258
- CVE-2024-23286
- CVE-2024-23234
- CVE-2024-23266
- CVE-2024-23235
- CVE-2024-23265
- CVE-2024-23225
- CVE-2024-27853
- CVE-2024-23278
- CVE-2024-0258
- CVE-2024-23279
- CVE-2024-23287
- CVE-2024-23264
- CVE-2024-23285
- CVE-2024-27809
- CVE-2024-23283
- CVE-2024-27887
- CVE-2023-48795
- CVE-2023-51384
- CVE-2023-51385
- CVE-2022-42816
- CVE-2024-23216
- CVE-2024-23267
- CVE-2024-23268
- CVE-2024-23274
- CVE-2023-42853
- CVE-2024-23275
- CVE-2024-27888
- CVE-2024-23255
- CVE-2024-23294
- CVE-2024-23259
- CVE-2024-23273
- CVE-2024-23238
- CVE-2024-23239
- CVE-2024-23290
- CVE-2024-23232
- CVE-2024-23231
- CVE-2024-23230
- CVE-2024-23245
- CVE-2024-23292
- CVE-2024-23289
- CVE-2024-23293
- CVE-2024-23241
- CVE-2024-23272
- CVE-2024-23242
- CVE-2024-23281
- CVE-2024-27792
- CVE-2024-23260
- CVE-2024-23246
- CVE-2024-23226
- CVE-2024-23254
- CVE-2024-23263
- CVE-2024-23280
- CVE-2024-23284
- CVE-2024-40815
- CVE-2024-40784
- CVE-2024-40818
- CVE-2024-40786
- CVE-2024-40829
- CVE-2024-44205
- CVE-2024-54658
- CVE-2024-27859
Frequently Asked Questions
What is the severity of CVE-2024-23261?
CVE-2024-23261 has a high severity as it allows an attacker to potentially read information belonging to another user.
How do I fix CVE-2024-23261?
To address CVE-2024-23261, update your system to macOS Monterey 12.7.6, macOS Ventura 13.6.8, or macOS Sonoma 14.4.
Which versions of macOS are affected by CVE-2024-23261?
CVE-2024-23261 affects macOS versions prior to 12.7.6, 13.6.8, and 14.4.
What type of issue is CVE-2024-23261?
CVE-2024-23261 is a privacy issue caused by a logic flaw that affects state management.
Can CVE-2024-23261 expose my personal data?
Yes, CVE-2024-23261 may allow attackers to read private information belonging to other users.
- agent/type
- agent/first-publish-date
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/trending
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- agent/source
- agent/last-modified-date
- alias/CVE-2024-40774
- alias/CVE-2024-40775
- alias/CVE-2024-27877
- alias/CVE-2024-40799
- alias/CVE-2024-27873
- alias/CVE-2024-2004
- alias/CVE-2024-2379
- alias/CVE-2024-2398
- alias/CVE-2024-2466
- alias/CVE-2024-40827
- alias/CVE-2024-40815
- alias/CVE-2023-6277
- alias/CVE-2023-52356
- alias/CVE-2024-40806
- alias/CVE-2024-40784
- alias/CVE-2024-40816
- alias/CVE-2024-40788
- alias/CVE-2024-40803
- alias/CVE-2024-40796
- alias/CVE-2024-6387
- alias/CVE-2024-40781
- alias/CVE-2024-40802
- alias/CVE-2024-40823
- alias/CVE-2024-27882
- alias/CVE-2024-27883
- alias/CVE-2024-40800
- alias/CVE-2024-40817
- alias/CVE-2024-27881
- alias/CVE-2024-40821
- alias/CVE-2024-40798
- alias/CVE-2024-40833
- alias/CVE-2024-40807
- alias/CVE-2024-40835
- alias/CVE-2024-40834
- alias/CVE-2024-40787
- alias/CVE-2024-40793
- alias/CVE-2024-40809
- alias/CVE-2024-40812
- alias/CVE-2024-40818
- alias/CVE-2024-40786
- alias/CVE-2024-44205
- alias/CVE-2024-40828
- alias/CVE-2024-23261
- alias/CVE-2024-40829
- alias/CVE-2024-27826
- agent/weakness
- agent/description
- agent/references
- alias/CVE-2024-23296
- agent/author
- agent/softwarecombine
- agent/tags
- alias/CVE-2024-23230
- alias/CVE-2024-23245
- alias/CVE-2024-23292
- alias/CVE-2024-23289
- alias/CVE-2024-23293
- alias/CVE-2024-23241
- alias/CVE-2024-23272
- alias/CVE-2024-23242
- alias/CVE-2024-23281
- alias/CVE-2024-27792
- alias/CVE-2024-23260
- alias/CVE-2024-23246
- alias/CVE-2024-54658
- alias/CVE-2024-23226
- alias/CVE-2024-27859
- alias/CVE-2024-23254
- alias/CVE-2024-23263
- alias/CVE-2024-23280
- alias/CVE-2024-23284
- alias/CVE-2024-23239
- alias/CVE-2024-23290
- alias/CVE-2024-23232
- alias/CVE-2024-23231
- alias/CVE-2024-23273
- alias/CVE-2024-23238
- alias/CVE-2024-27853
- alias/CVE-2024-23278
- alias/CVE-2024-0258
- alias/CVE-2024-23279
- alias/CVE-2024-23287
- alias/CVE-2024-23264
- alias/CVE-2024-23285
- alias/CVE-2024-27809
- alias/CVE-2024-23283
- alias/CVE-2024-27887
- alias/CVE-2023-48795
- alias/CVE-2023-51384
- alias/CVE-2023-51385
- alias/CVE-2022-42816
- alias/CVE-2024-23216
- alias/CVE-2024-23267
- alias/CVE-2024-23268
- alias/CVE-2024-23274
- alias/CVE-2023-42853
- alias/CVE-2024-23275
- alias/CVE-2024-27888
- alias/CVE-2024-23255
- alias/CVE-2024-23294
- alias/CVE-2024-23259
- alias/CVE-2024-23257
- alias/CVE-2024-23258
- alias/CVE-2024-23286
- alias/CVE-2024-23234
- alias/CVE-2024-23266
- alias/CVE-2024-23235
- alias/CVE-2024-23265
- alias/CVE-2024-23225
- alias/CVE-2024-23248
- alias/CVE-2024-23249
- alias/CVE-2024-23250
- alias/CVE-2024-23299
- alias/CVE-2024-23244
- alias/CVE-2024-23205
- alias/CVE-2022-48554
- alias/CVE-2024-23229
- alias/CVE-2024-27789
- alias/CVE-2024-23253
- alias/CVE-2024-23270
- alias/CVE-2024-23277
- alias/CVE-2024-23247
- alias/CVE-2024-23288
- alias/CVE-2024-23227
- alias/CVE-2024-27886
- alias/CVE-2024-23233
- alias/CVE-2024-23269
- alias/CVE-2024-23276
- agent/event
- vendor/apple
- canonical/apple macos monterey
- canonical/apple macos
- version/apple macos/13.0
- version/apple macos/14.0