CVE-2024-23261 - Vulnerability Details

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00305.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Macos

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
https://support.apple.com/en-us/120895
https://support.apple.com/en-us/120910
https://support.apple.com/en-us/120912
https://support.apple.com/en-us/HT214084
https://support.apple.com/en-us/HT214118
https://support.apple.com/en-us/HT214120
https://support.apple.com/kb/HT214084
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214120

History

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
References		https://support.apple.com/en-us/120895 https://support.apple.com/en-us/120910 https://support.apple.com/en-us/120912

Tue, 04 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		https://support.apple.com/kb/HT214118 https://support.apple.com/kb/HT214120

Thu, 13 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 12 Aug 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:apple:macos::::::::
Vendors & Products		Apple Apple macos
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-07-29T22:16:42.022Z

Updated: 2026-04-02T18:11:57.405Z

Reserved: 2024-01-12T22:22:21.489Z

Link: CVE-2024-23261

Vulnrichment

Updated: 2025-11-04T17:14:24.545Z

NVD

Status : Modified

Published: 2024-07-29T23:15:10.037

Modified: 2026-04-02T19:17:07.900

Link: CVE-2024-23261

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object