Lucene search

[email protected]NVD:CVE-2024-23282

HistoryJun 10, 2024 - 9:15 p.m.

CVE-2024-23282

2024-06-1021:15:49

[email protected]

web.nvd.nist.gov

improved checks

facetime call initiation

macos sonoma 14.5

watchos 10.5

ios 17.5

ipados 17.5

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

21.9%

JSON

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.

Affected configurations

NVD

Node

appleipadosRange<16.7.8

appleipadosRange17.0–17.5

appleiphone_osRange<16.7.8

appleiphone_osRange17.0–17.5

applemacosRange14.0–14.5

applewatchosRange<10.5

References

support.apple.com/en-us/HT214100

support.apple.com/en-us/HT214101

support.apple.com/en-us/HT214104

support.apple.com/en-us/HT214106

support.apple.com/kb/HT214100

support.apple.com/kb/HT214101

support.apple.com/kb/HT214104

support.apple.com/kb/HT214106

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

21.9%

JSON

Related for NVD:CVE-2024-23282

cve1 cvelist1 apple4 openvas1 nessus1