Rewterz Threat Advisory – Multiple Apple visionOS Vulnerabilities
March 11, 2024
Severity
Medium
Analysis Summary
CVE-2024-23241 CVSS:5.5
Apple tvOS could allow a local attacker to obtain sensitive information, caused by an issue in the Spotlight component. By using a specially crafted application, an attacker could exploit this vulnerability to leak sensitive user information.
CVE-2024-23293 CVSS:5.5
Apple tvOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to use Siri to access sensitive user data.
CVE-2024-23290 CVSS:5.5
Apple tvOS could allow a local attacker to obtain sensitive information, caused by a logic issue in the Sandbox component. By using a specially crafted application, an attacker could exploit this vulnerability to access user-sensitive data.
CVE-2024-23239 CVSS:5.5
Apple tvOS could allow a local attacker to obtain sensitive information, caused by a race condition in the Sandbox component. By using a specially crafted application, an attacker could exploit this vulnerability to leak sensitive user information.
CVE-2024-23297 CVSS:5.5
Apple tvOS could allow a local attacker to obtain sensitive information, caused by an issue in the MediaRemote component. By using a specially crafted application, an attacker could exploit this vulnerability to access private information.
CVE-2024-0258 CVSS:7.8
Apple tvOS could allow a local attacker to gain elevated privileges on the system, caused by an issue in the libxpc component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code out of its sandbox or with certain elevated privileges.
CVE-2024-23270 CVSS:7.8
Apple tvOS could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Image Processing component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.
CVE-2024-23250 CVSS:5.5
Apple tvOS could allow a local attacker to bypass security restrictions, caused by an access issue in the CoreBluetooth – LE component. By using a specially crafted application, an attacker could exploit this vulnerability to access Bluetooth-connected microphones without user permission.
CVE-2024-23288 CVSS:7.8
Apple tvOS could allow a local attacker to gain elevated privileges on the system, caused by an issue in the AppleMobileFileIntegrity component. By using a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2024-23291 CVSS:5.5
Apple tvOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Accessibility component. By using a specially crafted application, an attacker could exploit this vulnerability to observe user data in log entries related to accessibility notifications.
Impact
- Information Disclosure
- Privilege Escalation
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2024-23241
- CVE-2024-23293
- CVE-2024-23290
- CVE-2024-23239
- CVE-2024-23297
- CVE-2024-0258
- CVE-2024-23270
- CVE-2024-23250
- CVE-2024-23288
- CVE-2024-23291
Affected Vendors
Apple
Affected Products
- Apple tvOS 17.3
Remediation
Refer to the Apple security document for patch, upgrade, or suggested workaround information.