{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-23206", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-01-12T22:22:21.476Z", "datePublished": "2024-01-23T00:25:22.555Z", "dateUpdated": "2026-04-02T18:16:20.058Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A maliciously crafted webpage may be able to fingerprint the user"}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "0", "status": "affected", "lessThan": "17.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "16.7.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "17.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "0", "status": "affected", "lessThan": "17.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "0", "status": "affected", "lessThan": "10.3", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user."}], "references": [{"url": "https://support.apple.com/en-us/120304"}, {"url": "https://support.apple.com/en-us/120306"}, {"url": "https://support.apple.com/en-us/120309"}, {"url": "https://support.apple.com/en-us/120310"}, {"url": "https://support.apple.com/en-us/120311"}, {"url": "https://support.apple.com/en-us/120339"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:16:20.058Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:31.757Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214059", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214063", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214055", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214056", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214060", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214061", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214060", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214063", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214059", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214061", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214055", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214056", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/27", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/33", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/36", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/34", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/39", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/40", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/05/8", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-15T14:46:17.452812Z", "id": "CVE-2024-23206", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-15T14:51:37.307Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214059", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214063", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214055", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214056", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214060", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214061", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214060", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214063", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214059", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214061", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214055", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214056", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/27", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/33", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/36", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/34", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/39", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/40", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/05/8", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:31.757Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23206", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-15T14:46:17.452812Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-15T14:50:08.813Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "0", "lessThan": "17.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "0", "lessThan": "16.7.5", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "17.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "14.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "0", "lessThan": "17.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "0", "lessThan": "10.3", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/120304"}, {"url": "https://support.apple.com/en-us/120306"}, {"url": "https://support.apple.com/en-us/120309"}, {"url": "https://support.apple.com/en-us/120310"}, {"url": "https://support.apple.com/en-us/120311"}, {"url": "https://support.apple.com/en-us/120339"}], "descriptions": [{"lang": "en", "value": "An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A maliciously crafted webpage may be able to fingerprint the user"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:16:20.058Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23206", "state": "PUBLISHED", "dateUpdated": "2026-04-02T18:16:20.058Z", "dateReserved": "2024-01-12T22:22:21.476Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-01-23T00:25:22.555Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D6F41D4-58ED-4E0B-90B4-3EDDB7CEA240", "versionEndExcluding": "17.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97", "versionEndExcluding": "16.7.5", "versionStartExcluding": "16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF93182E-EFE2-4DAF-BAA2-5053A20ADCFF", "versionEndExcluding": "17.3", "versionStartExcluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D", "versionEndExcluding": "16.7.5", "versionStartExcluding": "16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "79493683-AFEA-42B7-9F15-C3E47069C9CF", "versionEndExcluding": "17.3", "versionStartExcluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A4823C4-3812-46DB-8295-D021C93236CC", "versionEndExcluding": "14.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38", "versionEndExcluding": "17.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03", "versionEndExcluding": "10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de acceso mejorando las restricciones de acceso. Este problema se solucion\u00f3 en watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3. Una p\u00e1gina web creada con fines malintencionados puede tomar huellas digitales del usuario."}], "id": "CVE-2024-23206", "lastModified": "2026-04-02T19:16:54.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-23T01:15:10.840", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/120304"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/120306"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/120309"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/120310"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/120311"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/120339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/34"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/40"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/02/05/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT214063"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user", "id": "2269743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "draft"}, "details": ["An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.", "A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to bypass the security restriction by using a specially crafted malicious website to fingerprint the victim."], "name": "CVE-2024-23206", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-01-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-23206\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23206\nhttps://webkitgtk.org/security/WSA-2024-0001.html"], "threat_severity": "Moderate"}

{}