CVE-2024-23247: Processing a file may lead to unexpected app termination or arbitrary code execution in Apple macOS
CVE-2024-23247 is a high-severity vulnerability in Apple macOS that could allow an attacker to decrypt legacy RSA PKCS#1 v1. 5 ciphertexts without possessing the private key. The issue is a timing side-channel vulnerability in cryptographic functions, addressed by improvements to constant-time computation. This vulnerability affects multiple macOS versions including Monterey 12. 7. 4, Ventura 13. 6. 5, and Sonoma 14. 4. Apple has released official patches for these versions to mitigate the issue.
AI Analysis
Technical Summary
CVE-2024-23247 is a timing side-channel vulnerability in the CoreCrypto component of Apple macOS that may allow an attacker to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without access to the private key. The vulnerability arises from insufficient constant-time computation in cryptographic functions, potentially leaking sensitive information through timing analysis. Apple addressed this issue by improving constant-time computation in affected cryptographic functions. The vulnerability is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, and macOS Sonoma 14.4.
Potential Impact
An attacker exploiting this vulnerability could decrypt legacy RSA PKCS#1 v1.5 ciphertexts without the private key, potentially compromising the confidentiality of encrypted data. This could lead to unauthorized data disclosure. The CVSS v3.1 base score is 7.8 (high), reflecting the significant confidentiality, integrity, and availability impacts. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Apple has released official security updates that fix this vulnerability in macOS Monterey 12.7.4, macOS Ventura 13.6.5, and macOS Sonoma 14.4. Users and administrators should apply these updates promptly to mitigate the risk. Since this is a client operating system vulnerability, remediation requires installing the vendor-provided patches. Patch status is confirmed by Apple advisories linked in the vendor content.
CVE-2024-23247: Processing a file may lead to unexpected app termination or arbitrary code execution in Apple macOS
Description
CVE-2024-23247 is a high-severity vulnerability in Apple macOS that could allow an attacker to decrypt legacy RSA PKCS#1 v1. 5 ciphertexts without possessing the private key. The issue is a timing side-channel vulnerability in cryptographic functions, addressed by improvements to constant-time computation. This vulnerability affects multiple macOS versions including Monterey 12. 7. 4, Ventura 13. 6. 5, and Sonoma 14. 4. Apple has released official patches for these versions to mitigate the issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-23247 is a timing side-channel vulnerability in the CoreCrypto component of Apple macOS that may allow an attacker to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without access to the private key. The vulnerability arises from insufficient constant-time computation in cryptographic functions, potentially leaking sensitive information through timing analysis. Apple addressed this issue by improving constant-time computation in affected cryptographic functions. The vulnerability is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, and macOS Sonoma 14.4.
Potential Impact
An attacker exploiting this vulnerability could decrypt legacy RSA PKCS#1 v1.5 ciphertexts without the private key, potentially compromising the confidentiality of encrypted data. This could lead to unauthorized data disclosure. The CVSS v3.1 base score is 7.8 (high), reflecting the significant confidentiality, integrity, and availability impacts. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Apple has released official security updates that fix this vulnerability in macOS Monterey 12.7.4, macOS Ventura 13.6.5, and macOS Sonoma 14.4. Users and administrators should apply these updates promptly to mitigate the risk. Since this is a client operating system vulnerability, remediation requires installing the vendor-provided patches. Patch status is confirmed by Apple advisories linked in the vendor content.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-01-12T22:22:21.484Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690a47526d939959c80226e1
Added to database: 11/4/2025, 6:34:58 PM
Last enriched: 4/9/2026, 11:03:24 PM
Last updated: 5/9/2026, 8:39:26 AM
Views: 44
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.