Rewterz Threat Advisory – Multiple Google Android Vulnerabilities
March 13, 2024
Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
March 13, 2024
Severity
Medium
Analysis Summary
CVE-2024-23284 CVSS:6.5
Apple Safari could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to prevent Content Security Policy from being enforced.
CVE-2024-23280 CVSS:6.5
Apple Safari could allow a remote attacker to bypass security restrictions, caused by an injection issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to fingerprint the user.
CVE-2024-23254 CVSS:6.5
Apple Safari could allow a remote attacker to obtain sensitive information, caused by an issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to exfiltrate audio data cross-origin.
CVE-2024-23252 CVSS:6.5
Apple Safari is vulnerable to a denial of service, caused by an issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-23273 CVSS:6.5
Apple Safari could allow a remote attacker to bypass security restrictions, caused by an issue in the Safari Private Browsing component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to access Private Browsing tabs without authentication.
CVE-2024-23263 CVSS:6.5
Apple Safari could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to prevent Content Security Policy from being enforced.
Impact
- Denial of Service
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2024-23284
- CVE-2024-23280
- CVE-2024-23254
- CVE-2024-23252
- CVE-2024-23273
- CVE-2024-23263
Affected Vendors
Apple
Affected Products
- Apple Safari 17.3
Remediation
Refer to the Apple security document for patch, upgrade, or suggested workaround information.