CVE-2024-23206 is a WebKit vulnerability in Apple Safari that could allow a maliciously crafted webpage to fingerprint users by exploiting an access control issue. Apple fixed this vulnerability by improving access restrictions and memory handling in Safari 17.3 and related OS updates (iOS 16.7.5/17.3, iPadOS 16.7.5/17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3). The vulnerability has a CVSS 3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N), indicating it can be exploited remotely without privileges but requires user interaction, and leads to high confidentiality impact without affecting integrity or availability. Apple’s official advisories confirm the issue and the availability of patches.

A maliciously crafted webpage could fingerprint users by exploiting an access issue in Safari's WebKit engine, potentially compromising user privacy by exposing identifying information. The vulnerability does not allow code execution or denial of service but impacts confidentiality. The CVSS score of 6.5 reflects a medium severity with high confidentiality impact. There are no known active exploits reported in the wild.

Apple has released official patches addressing CVE-2024-23206 in Safari 17.3 and corresponding OS updates including iOS 16.7.5 and 17.3, iPadOS 16.7.5 and 17.3, macOS Sonoma 14.3, tvOS 17.3, and watchOS 10.3. Users and administrators should apply these updates promptly to mitigate the vulnerability. Since the vendor advisory confirms the fix, no additional mitigation steps are required beyond updating to the fixed versions.