Severity
High
Analysis Summary
CVE-2024-0230 CVSS:2
Apple Magic Keyboard is vulnerable to a machine-in-the-middle attack, caused by a session management issue. By sniffing the network traffic, a physically proximate attacker could exploit this vulnerability to gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVE-2024-23219 CVSS:5.5
Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by an issue in the Reset Services component. By using a specially crafted application, an attacker could exploit this vulnerability to disable Stolen Device Protection.
CVE-2024-23204 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by an error in the Shortcuts component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.
CVE-2024-23217 CVSS:5.5
Apple watchOS could allow a local attacker to bypass security restrictions, caused by a privacy error in the Shortcuts component. By using a specially crafted application, an attacker could exploit this vulnerability to bypass certain Privacy preferences.
CVE-2024-23207 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by an error in the Mail Search component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.
Impact
- Gain Access
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-22428
Affected Vendors
Apple
Affected Products
- Apple Magic Keyboard
- Apple Magic Keyboard 2021
- Apple Magic Keyboard with Numeric Keypad
- Apple Magic Keyboard with Touch ID
- Apple Magic Keyboard with Touch ID and Numeric Keypad
- Apple iOS 17.2
- Apple iPadOS 17.2
- Apple watchOS 10.2
Remediation
Refer to Apple security document for patch, upgrade or suggested workaround information.