CVE-2024-23295: Input Validation

First published: Thu Mar 07 2024(Updated: )

A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.

Credit: Patrick Reardon product-security@apple.com Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeCVE-2024-23296 CVE-2024-23220 Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik Pwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina Junsung Lee Trend Micro Zero Day InitiativeAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R CVE-2024-23235 Xinru Chi Pangu LabCVE-2024-23225 Zhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsGuilherme Rambo Best Buddy Appsanbu1024 SecANT

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/first-publish-date
• agent/type
• collector/mitre-cve
• source/MITRE
• agent/severity
• agent/trending
• agent/source
• agent/weakness
• agent/references
• agent/description
• agent/last-modified-date
• agent/author
• agent/softwarecombine
• agent/tags
• agent/event
• collector/apple-support
• source/Apple
• alias/CVE-2024-23286
• alias/CVE-2024-23235
• alias/CVE-2024-23265
• alias/CVE-2024-23225
• alias/CVE-2024-23264
• alias/CVE-2024-23295
• alias/CVE-2024-23296
• alias/CVE-2024-23220
• alias/CVE-2024-23246
• alias/CVE-2024-54658
• alias/CVE-2024-23226
• alias/CVE-2024-27859
• alias/CVE-2024-23254
• alias/CVE-2024-23263
• alias/CVE-2024-23284
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• alias/CVE-2024-23257
• alias/CVE-2024-23258
• collector/nvd-api
• source/NVD
• vendor/apple
• canonical/visionos