March 7, 2024

Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-23243 CVSS:5.5

Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Accessibility component. By using a specially crafted application, an attacker could exploit this vulnerability to read sensitive location information.

CVE-2024-23256 CVSS:5.5

Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a logic issue in the Safari Private Browsing component. By using a specially crafted application, an attacker could exploit this vulnerability to make a user’s locked tabs briefly visible while switching tab groups when Locked Private Browsing is enabled.

CVE-2024-23296 CVSS:5.5

Apple iOS and iPadOS could allow a local authenticated attacker to bypass security restrictions, caused by a memory corruption issue in the RTKit component. By using a specially crafted application, an attacker could exploit this vulnerability to bypass kernel memory protections.

CVE-2024-23225 CVSS:5.5

Apple iOS and iPadOS could allow a local authenticated attacker to bypass security restrictions, caused by a memory corruption issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to bypass kernel memory protections.

Impact

  • Information Disclosure
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2024-23243
  • CVE-2024-23256
  • CVE-2024-23296
  • CVE-2024-23225

Affected Vendors

Apple

Affected Products

  • Apple iPadOS 17.3
  • Apple iOS 17.3
  • Apple iPadOS 16.7.5
  • Apple iOS 16.7.5

Remediation

Refer to the Apple security document for patch, upgrade, or suggested workaround information.

Apple security document