SpirityCVE

The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Apple	Ipados Iphone Os Macos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://www.spirityenterprise.com/managed-detection-response
http://seclists.org/fulldisclosure/2024/Jan/33
http://seclists.org/fulldisclosure/2024/Jan/36
http://seclists.org/fulldisclosure/2024/Jan/39
http://seclists.org/fulldisclosure/2024/Mar/22
http://seclists.org/fulldisclosure/2024/Mar/23
https://support.apple.com/en-us/120304
https://support.apple.com/en-us/120306
https://support.apple.com/en-us/120309
https://support.apple.com/en-us/120880
https://support.apple.com/en-us/120884
https://support.apple.com/en-us/120886
https://support.apple.com/en-us/HT214059
https://support.apple.com/en-us/HT214060
https://support.apple.com/en-us/HT214061
https://support.apple.com/kb/HT214061
https://support.apple.com/kb/HT214082
https://support.apple.com/kb/HT214083
https://support.apple.com/kb/HT214085

History

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.	The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
References		https://support.apple.com/en-us/120304 https://support.apple.com/en-us/120306 https://support.apple.com/en-us/120309 https://support.apple.com/en-us/120880 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 04 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://support.apple.com/kb/HT214061

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-01-23T00:25:30.276Z

Updated: 2026-04-02T18:22:22.659Z

Reserved: 2024-01-12T22:22:21.475Z

Link: CVE-2024-23204

Vulnrichment

Updated: 2025-11-04T18:23:51.927Z

NVD

Status : Modified

Published: 2024-01-23T01:15:10.787

Modified: 2026-04-02T19:16:54.130

Link: CVE-2024-23204

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object