What is the severity of CVE-2024-23292?

CVE-2024-23292 has been classified as a moderate severity vulnerability.

How do I fix CVE-2024-23292?

To fix CVE-2024-23292, update your devices to macOS Sonoma 14.4, iOS 17.4, or iPadOS 17.4.

What does CVE-2024-23292 affect?

CVE-2024-23292 affects Apple iOS, iPadOS, and macOS versions prior to the specified updates.

What type of issue is CVE-2024-23292?

CVE-2024-23292 is a data protection vulnerability that may allow unauthorized access to a user's contacts.

When was CVE-2024-23292 discovered?

CVE-2024-23292 was disclosed in March 2024 as part of Apple's regular security updates.

Vulnerability/
CVE-2024-23292

low

3.3

CWE

119 362 20

5/3/2024

8/3/2024

5/2/2025

CVE-2024-23292: Buffer Overflow

First published: Tue Mar 05 2024(Updated: )

Accessibility. A privacy issue was addressed with improved private data redaction for log entries.

Credit: K宝 Fudan UniversityLFY @secsys Fudan University product-security@apple.com Kirin @Pwnrin luckyu @uuulucky Mickey Jin @patch1t an anonymous researcher Lewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Joshua Jewett @JoshJewett33 Matthew Loewen Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik anbu1024 SecANTPwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina CVE-2024-23238 Wojciech Regula SecuRingYiğit Can YILMAZ @yilmazcanyigit Lyra Rebane (rebane2001) Matej Rabzelj CVE-2024-23225 koocola ali yabuz Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative @08Tc3wBB JamfCVE-2024-23283 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Pedro Tôrres @t0rr3sp3dr0 Bohdan Stasiuk @Bohdan_Stasiuk Harsh Tyagi CVE-2024-23296 Junsung Lee Trend Micro Zero Day InitiativeZhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike CVE-2024-23235 Xinru Chi Pangu Labm4yfly with TianGong Team Legendsec at Qi'anxin GroupGuilherme Rambo Best Buddy AppsCsaba Fitzl @theevilbit OffSecCVE-2024-23205 CVE-2022-48554 Marc Newlin SkySafeBrian McNulty Stephan Casas CVE-2024-23291 scj643 CVE-2024-23220 Om Kothawade Cristian Dinca Computer ScienceRomania

Affected Software	Affected Version	How to fix
Apple macOS	<14.4	14.4
	<14.4	14.4
Apple iOS, iPadOS, and watchOS	<17.4	17.4
Apple iOS, iPadOS, and watchOS	<17.4	17.4
Apple iOS, iPadOS, and watchOS	<17.4
iStyle @cosme iPhone OS	<17.4
Apple iOS and macOS	>=14.0<14.4

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT214081 (Advisory)
https://support.apple.com/en-us/HT214084 (Advisory)
http://seclists.org/fulldisclosure/2024/Mar/21
https://support.apple.com/en-us/120893 (Advisory)
https://support.apple.com/en-us/120895 (Advisory)
https://support.apple.com/kb/HT214084

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-23291
CVE-2024-23276
CVE-2024-23227
CVE-2024-27886
CVE-2024-23233
CVE-2024-23269
CVE-2024-23288
CVE-2024-23277
CVE-2024-23247
CVE-2024-23248
CVE-2024-23249
CVE-2024-23250
CVE-2024-23299
CVE-2024-23244
CVE-2024-23205
CVE-2022-48554
CVE-2024-23229
CVE-2024-27789
CVE-2024-23253
CVE-2024-23270
CVE-2024-23257
CVE-2024-23258
CVE-2024-23286
CVE-2024-23234
CVE-2024-23266
CVE-2024-23235
CVE-2024-23265
CVE-2024-23225
CVE-2024-27853
CVE-2024-23278
CVE-2024-0258
CVE-2024-23279
CVE-2024-23287
CVE-2024-23264
CVE-2024-23285
CVE-2024-27809
CVE-2024-23283
CVE-2024-27887
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
CVE-2022-42816
CVE-2024-23216
CVE-2024-23267
CVE-2024-23268
CVE-2024-23274
CVE-2023-42853
CVE-2024-23275
CVE-2024-27888
CVE-2024-23255
CVE-2024-23294
CVE-2024-23296
CVE-2024-23259
CVE-2024-23273
CVE-2024-23238
CVE-2024-23239
CVE-2024-23290
CVE-2024-23232
CVE-2024-23231
CVE-2024-23230
CVE-2024-23245
CVE-2024-23292
CVE-2024-23289
CVE-2024-23293
CVE-2024-23241
CVE-2024-23272
CVE-2024-23242
CVE-2024-23281
CVE-2024-27792
CVE-2024-23261
CVE-2024-23260
CVE-2024-23246
CVE-2024-23226
CVE-2024-23254
CVE-2024-23263
CVE-2024-23280
CVE-2024-23284
CVE-2024-54658
CVE-2024-27859
CVE-2024-23243
CVE-2024-23262
CVE-2024-23297
CVE-2024-23240
CVE-2024-23220
CVE-2024-23256

Frequently Asked Questions

What is the severity of CVE-2024-23292?
CVE-2024-23292 has been classified as a moderate severity vulnerability.
How do I fix CVE-2024-23292?
To fix CVE-2024-23292, update your devices to macOS Sonoma 14.4, iOS 17.4, or iPadOS 17.4.
What does CVE-2024-23292 affect?
CVE-2024-23292 affects Apple iOS, iPadOS, and macOS versions prior to the specified updates.
What type of issue is CVE-2024-23292?
CVE-2024-23292 is a data protection vulnerability that may allow unauthorized access to a user's contacts.
When was CVE-2024-23292 discovered?
CVE-2024-23292 was disclosed in March 2024 as part of Apple's regular security updates.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/trending
agent/source
collector/apple-support
source/Apple
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/weakness
agent/references
agent/description
alias/CVE-2024-23230
alias/CVE-2024-23245
alias/CVE-2024-23292
alias/CVE-2024-23289
alias/CVE-2024-23293
alias/CVE-2024-23241
alias/CVE-2024-23272
alias/CVE-2024-23242
alias/CVE-2024-23281
alias/CVE-2024-27792
alias/CVE-2024-23261
alias/CVE-2024-23260
alias/CVE-2024-23246
alias/CVE-2024-54658
alias/CVE-2024-23226
alias/CVE-2024-27859
alias/CVE-2024-23254
alias/CVE-2024-23263
alias/CVE-2024-23280
alias/CVE-2024-23284
alias/CVE-2024-23239
alias/CVE-2024-23290
alias/CVE-2024-23232
alias/CVE-2024-23231
alias/CVE-2024-23273
alias/CVE-2024-23238
alias/CVE-2024-27853
alias/CVE-2024-23278
alias/CVE-2024-0258
alias/CVE-2024-23279
alias/CVE-2024-23287
alias/CVE-2024-23264
alias/CVE-2024-23285
alias/CVE-2024-27809
alias/CVE-2024-23283
alias/CVE-2024-27887
alias/CVE-2023-48795
alias/CVE-2023-51384
alias/CVE-2023-51385
alias/CVE-2022-42816
alias/CVE-2024-23216
alias/CVE-2024-23267
alias/CVE-2024-23268
alias/CVE-2024-23274
alias/CVE-2023-42853
alias/CVE-2024-23275
alias/CVE-2024-27888
alias/CVE-2024-23255
alias/CVE-2024-23294
alias/CVE-2024-23296
alias/CVE-2024-23259
alias/CVE-2024-23257
alias/CVE-2024-23258
alias/CVE-2024-23286
alias/CVE-2024-23234
alias/CVE-2024-23266
alias/CVE-2024-23235
alias/CVE-2024-23265
alias/CVE-2024-23225
alias/CVE-2024-23248
alias/CVE-2024-23249
alias/CVE-2024-23250
alias/CVE-2024-23299
alias/CVE-2024-23244
alias/CVE-2024-23205
alias/CVE-2022-48554
alias/CVE-2024-23229
alias/CVE-2024-27789
alias/CVE-2024-23253
alias/CVE-2024-23270
alias/CVE-2024-23277
alias/CVE-2024-23247
alias/CVE-2024-23288
alias/CVE-2024-23227
alias/CVE-2024-27886
alias/CVE-2024-23233
alias/CVE-2024-23269
alias/CVE-2024-23276
agent/event
agent/author
agent/last-modified-date
alias/CVE-2024-23240
alias/CVE-2024-23220
alias/CVE-2024-23256
alias/CVE-2024-23297
alias/CVE-2024-23291
alias/CVE-2024-23262
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
vendor/apple
canonical/apple macos
canonical/apple ios, ipados, and watchos
canonical/istyle @cosme iphone os
canonical/apple ios and macos
version/apple ios and macos/14.0