CVE-2024-23204
Published: 23 January 2024
Summary
CVE-2024-23204 is a high-severity vulnerability in Apple iPadOS; its weakness class is unspecified. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique TCC Manipulation (T1548.006). The CVE ranks at the 40.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-20723
Vulnerability details
The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2024-23204 in Shortcuts enables bypassing permission prompts to access sensitive user data without consent, facilitating abuse of macOS/iOS privacy controls analogous to TCC manipulation.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.