CVE-2024-23255
EUVD-2024-20774
08.03.2024, 02:15
An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apple | ipad_os | 𝑥 < 17.4 |
| apple | iphone_os | 𝑥 < 17.4 |
| apple | macos | 14.0 ≤ 𝑥 < 14.4 |
𝑥 = Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| apple | macos | 𝑥 < 14.4 | ADP |
| apple | ios | 𝑥 < 17.4 | ADP |
| apple | ipados | 𝑥 < 17.4 | ADP |
Common Weakness Enumeration
- CWE-287 - Improper Authentication: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
- CWE-863 - Incorrect Authorization: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.