CVE-2024-23289 is a vulnerability identified in Apple’s iOS, iPadOS, macOS Sonoma, and watchOS platforms that allows an attacker with physical access to a device to leverage Siri to access private calendar information despite the device being locked. The root cause is a lock screen state management flaw that permits Siri to bypass normal access controls and retrieve calendar data without requiring user authentication or interaction. This vulnerability was addressed by Apple through improved state management in iOS 16.7.6, iPadOS 16.7.6, iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4, and watchOS 10.4. The CVSS v3.1 base score is 5.5, reflecting a medium severity primarily due to the requirement of physical access and low privileges, no user interaction, and the limited scope of data exposure (calendar information only). The vulnerability does not compromise confidentiality or integrity of other data but does allow unauthorized availability of calendar details, which could lead to privacy violations or targeted social engineering attacks. No known exploits are currently reported in the wild, but the presence of this vulnerability highlights the importance of securing physical access to devices and timely patching.

For European organizations, the primary impact is the unauthorized disclosure of private calendar information, which can reveal sensitive scheduling details, meeting locations, and participant identities. This exposure can facilitate targeted social engineering, espionage, or insider threats. While the vulnerability does not allow modification or deletion of data, the privacy breach itself can have reputational and operational consequences, especially for sectors handling confidential or strategic information such as government, finance, and critical infrastructure. Organizations with shared devices, hot desks, or public access points are at higher risk. The requirement for physical access limits remote exploitation but increases the threat in environments where devices are left unattended. The medium severity suggests a moderate risk that should be addressed promptly to prevent potential misuse.

European organizations should implement the following specific mitigations: 1) Immediately apply Apple’s security updates (iOS/iPadOS 16.7.6 and 17.4, macOS Sonoma 14.4, watchOS 10.4) to all affected devices. 2) Enforce strict physical security controls to prevent unauthorized access to devices, including secure storage and device lock policies. 3) Configure Siri settings to restrict lock screen access or disable Siri on the lock screen where feasible, especially on devices used in sensitive environments. 4) Educate users about the risks of leaving devices unattended and encourage the use of strong passcodes and biometric locks. 5) Monitor device usage and access logs for unusual activity that might indicate attempts to exploit this vulnerability. 6) For high-risk environments, consider deploying Mobile Device Management (MDM) solutions to enforce security policies and remotely manage device settings related to Siri and lock screen access.