« List of all CVEs

CVE-2024-23254

Published: 3/8/2024 Last updated: 2/13/2025 Reserved: 1/12/2024

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

CNA assigner: apple (286789f9-fbc2-4510-9f9a-43facdede74c) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 6.5 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Opam packages affected (1)

javascriptcore

Products affected (6)

Product Vendor Version
visionOS Apple n/a
tvOS Apple < 6.1.7601.25632
iOS and iPadOS Apple n/a
Safari Apple n/a
macOS Apple PE prior to 2016.4.5 or 2017.2.1
watchOS Apple 5.0.2

References (26)