CVE-2024-23240: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication in Apple iOS and iPadOS
CVE-2024-23240 is a low-severity vulnerability in Apple iOS and iPadOS where the shake-to-undo feature may allow a deleted photo to be re-surfaced without requiring user authentication. This issue was addressed by Apple with improved checks and fixed in iOS 17. 4 and iPadOS 17. 4. The vulnerability does not allow direct access to photo content without user interaction but could potentially expose deleted photos temporarily. The CVSS score is 2. 4, indicating low impact. Apple has released an official fix as part of the iOS 17. 4 and iPadOS 17. 4 updates.
AI Analysis
Technical Summary
The vulnerability CVE-2024-23240 affects the shake-to-undo feature in Apple iOS and iPadOS, where shaking the device to undo an action may cause a deleted photo to reappear without requiring authentication. Apple addressed this privacy issue by implementing improved checks in the affected feature. The fix is included in iOS 17.4 and iPadOS 17.4. The CVSS 3.1 base score is 2.4, reflecting a low-severity issue with no direct confidentiality or availability impact but limited integrity impact. No known exploits are reported in the wild.
Potential Impact
An attacker or unauthorized user could potentially cause a deleted photo to be temporarily re-surfaced without authentication via the shake-to-undo feature. This may lead to limited exposure of deleted photos but does not grant broader access to device data or system controls. The impact is limited to integrity with no confidentiality or availability compromise. The low CVSS score reflects the limited scope and difficulty of exploitation.
Mitigation Recommendations
Apple has released an official fix for this vulnerability in iOS 17.4 and iPadOS 17.4. Users and administrators should apply these updates to affected devices to remediate the issue. Since the fix is available, no additional mitigation steps are required beyond updating to the patched versions.
CVE-2024-23240: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication in Apple iOS and iPadOS
Description
CVE-2024-23240 is a low-severity vulnerability in Apple iOS and iPadOS where the shake-to-undo feature may allow a deleted photo to be re-surfaced without requiring user authentication. This issue was addressed by Apple with improved checks and fixed in iOS 17. 4 and iPadOS 17. 4. The vulnerability does not allow direct access to photo content without user interaction but could potentially expose deleted photos temporarily. The CVSS score is 2. 4, indicating low impact. Apple has released an official fix as part of the iOS 17. 4 and iPadOS 17. 4 updates.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2024-23240 affects the shake-to-undo feature in Apple iOS and iPadOS, where shaking the device to undo an action may cause a deleted photo to reappear without requiring authentication. Apple addressed this privacy issue by implementing improved checks in the affected feature. The fix is included in iOS 17.4 and iPadOS 17.4. The CVSS 3.1 base score is 2.4, reflecting a low-severity issue with no direct confidentiality or availability impact but limited integrity impact. No known exploits are reported in the wild.
Potential Impact
An attacker or unauthorized user could potentially cause a deleted photo to be temporarily re-surfaced without authentication via the shake-to-undo feature. This may lead to limited exposure of deleted photos but does not grant broader access to device data or system controls. The impact is limited to integrity with no confidentiality or availability compromise. The low CVSS score reflects the limited scope and difficulty of exploitation.
Mitigation Recommendations
Apple has released an official fix for this vulnerability in iOS 17.4 and iPadOS 17.4. Users and administrators should apply these updates to affected devices to remediate the issue. Since the fix is available, no additional mitigation steps are required beyond updating to the patched versions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-01-12T22:22:21.481Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690a47506d939959c8022695
Added to database: 11/4/2025, 6:34:56 PM
Last enriched: 4/9/2026, 11:02:10 PM
Last updated: 5/13/2026, 7:54:58 PM
Views: 55
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.