CVE-2024-23251: An attacker with physical access may be able to leak Mail account credentials in Apple iOS and iPadOS
CVE-2024-23251 is an authentication vulnerability in Apple iOS and iPadOS Mail applications that could allow an attacker with physical access to leak Mail account credentials. The issue was addressed by Apple through improved state management and is fixed in iOS 16. 7. 8, iPadOS 16. 7. 8, iOS 17. 5, and iPadOS 17. 5. The vulnerability has a CVSS score of 4. 6, indicating a medium severity level.
AI Analysis
Technical Summary
CVE-2024-23251 is an authentication issue in Apple Mail on iOS and iPadOS that could allow an attacker with physical access to leak Mail account credentials. The vulnerability was addressed by Apple with improved state management in iOS 16.7.8, iPadOS 16.7.8, iOS 17.5, and iPadOS 17.5. The CVSS 3.1 vector indicates the attack requires physical access (AV:P), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and impacts confidentiality with high impact (C:H), but no impact on integrity or availability (I:N, A:N).
Potential Impact
An attacker with physical access to a vulnerable device could potentially leak Mail account credentials, compromising the confidentiality of the user's email account information. There is no indication of impact on system integrity or availability. No known exploits in the wild have been reported. The vulnerability is rated medium severity with a CVSS score of 4.6.
Mitigation Recommendations
Apple has released official patches that address this vulnerability in iOS 16.7.8, iPadOS 16.7.8, iOS 17.5, and iPadOS 17.5. Users and organizations should apply these updates promptly to remediate the issue. Since the vulnerability requires physical access, limiting physical device access also reduces risk. No additional mitigations are specified by Apple.
CVE-2024-23251: An attacker with physical access may be able to leak Mail account credentials in Apple iOS and iPadOS
Description
CVE-2024-23251 is an authentication vulnerability in Apple iOS and iPadOS Mail applications that could allow an attacker with physical access to leak Mail account credentials. The issue was addressed by Apple through improved state management and is fixed in iOS 16. 7. 8, iPadOS 16. 7. 8, iOS 17. 5, and iPadOS 17. 5. The vulnerability has a CVSS score of 4. 6, indicating a medium severity level.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-23251 is an authentication issue in Apple Mail on iOS and iPadOS that could allow an attacker with physical access to leak Mail account credentials. The vulnerability was addressed by Apple with improved state management in iOS 16.7.8, iPadOS 16.7.8, iOS 17.5, and iPadOS 17.5. The CVSS 3.1 vector indicates the attack requires physical access (AV:P), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and impacts confidentiality with high impact (C:H), but no impact on integrity or availability (I:N, A:N).
Potential Impact
An attacker with physical access to a vulnerable device could potentially leak Mail account credentials, compromising the confidentiality of the user's email account information. There is no indication of impact on system integrity or availability. No known exploits in the wild have been reported. The vulnerability is rated medium severity with a CVSS score of 4.6.
Mitigation Recommendations
Apple has released official patches that address this vulnerability in iOS 16.7.8, iPadOS 16.7.8, iOS 17.5, and iPadOS 17.5. Users and organizations should apply these updates promptly to remediate the issue. Since the vulnerability requires physical access, limiting physical device access also reduces risk. No additional mitigations are specified by Apple.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-01-12T22:22:21.486Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69ceb81de6bfc5ba1df6e1ae
Added to database: 4/2/2026, 6:40:29 PM
Last enriched: 4/9/2026, 11:04:03 PM
Last updated: 5/20/2026, 1:17:00 AM
Views: 23
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.