Rewterz Threat Alert – Spoofed Google Meet, Skype, Zoom Websites Being Leveraged by Threat Actors to Spread Malware – Active IOCs
March 8, 2024Rewterz Threat Advisory – Multiple Apple macOS Vulnerabilities
March 9, 2024Rewterz Threat Alert – Spoofed Google Meet, Skype, Zoom Websites Being Leveraged by Threat Actors to Spread Malware – Active IOCs
March 8, 2024Rewterz Threat Advisory – Multiple Apple macOS Vulnerabilities
March 9, 2024Severity
Medium
Analysis Summary
CVE-2024-23289 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by a lock screen issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to use Siri to access private calendar information.
CVE-2024-23231 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Share Sheet component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.
CVE-2024-23278 CVSS:5.5
Apple watchOS could allow a local attacker to bypass security restrictions, caused by an issue in the libxpc component. By using a specially crafted application, an attacker could exploit this vulnerability to to break out of its sandbox.
CVE-2024-23287 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Messages component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.
Impact
- Information Disclosure
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2024-23289
- CVE-2024-23231
- CVE-2024-23278
- CVE-2024-23287
Affected Vendors
Apple
Affected Products
- Apple watchOS 10.3
Remediation
Refer to Apple security document for patch, upgrade or suggested workaround information.