Rewterz Threat Advisory – Multiple Apple tvOS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-23241 CVSS:5.5

Apple tvOS could allow a local attacker to obtain sensitive information, caused by an issue in the Spotlight component. By using a specially crafted application, an attacker could exploit this vulnerability to leak sensitive user information.

CVE-2024-23293 CVSS:5.5

Apple tvOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to use Siri to access sensitive user data.

CVE-2024-23290 CVSS:5.5

Apple tvOS could allow a local attacker to obtain sensitive information, caused by a logic issue in the Sandbox component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.

CVE-2024-23239 CVSS:5.5

Apple tvOS could allow a local attacker to obtain sensitive information, caused by a race condition in the Sandbox component. By using a specially crafted application, an attacker could exploit this vulnerability to leak sensitive user information.

CVE-2024-23297 CVSS:5.5

Apple tvOS could allow a local attacker to obtain sensitive information, caused by an issue in the MediaRemote component. By using a specially crafted application, an attacker could exploit this vulnerability to access private information.

CVE-2024-0258 CVSS:7.8

Apple tvOS could allow a local attacker to gain elevated privileges on the system, caused by an issue in the libxpc component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code out of its sandbox or with certain elevated privileges.

CVE-2024-23270 CVSS:7.8

Apple tvOS could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Image Processing component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

CVE-2024-23250 CVSS:5.5

Apple tvOS could allow a local attacker to bypass security restrictions, caused by an access issue in the CoreBluetooth – LE component. By using a specially crafted application, an attacker could exploit this vulnerability to access Bluetooth-connected microphones without user permission.

CVE-2024-23288 CVSS:7.8

Apple tvOS could allow a local attacker to gain elevated privileges on the system, caused by an issue in the AppleMobileFileIntegrity component. By using a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2024-23291 CVSS:5.5

Apple tvOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Accessibility component. By using a specially crafted application, an attacker could exploit this vulnerability to observe user data in log entries related to accessibility notifications.

Impact

  • Information Disclosure
  • Privilege Escalation
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2024-23241
  • CVE-2024-23293
  • CVE-2024-23290
  • CVE-2024-23239
  • CVE-2024-23297
  • CVE-2024-0258
  • CVE-2024-23270
  • CVE-2024-23250
  • CVE-2024-23288
  • CVE-2024-23291

Affected Vendors

Apple

Affected Products

  • Apple tvOS 17.3

Remediation

Refer to the Apple security document for patch, upgrade, or suggested workaround information.

Apple security document