CVE-2024-23290: An app may be able to access user-sensitive data in Apple iOS and iPadOS
CVE-2024-23290 is a logic vulnerability in Apple iOS and iPadOS that could allow an app to access user-sensitive data. This issue was addressed by Apple through improved restrictions and state management. The vulnerability affects iOS and iPadOS versions prior to 17. 4. Apple released fixes for this issue in iOS 17. 4 and iPadOS 17. 4 on March 5, 2024. The CVSS score is 5. 3, indicating a medium severity level. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
CVE-2024-23290 is a logic issue in Apple iOS and iPadOS that allowed an app to access sensitive user data due to insufficient restrictions. Apple addressed this vulnerability by improving state management and applying stricter access controls. The fix was included in iOS 17.4 and iPadOS 17.4 releases. The vulnerability has a CVSS 3.1 base score of 5.3 (medium severity), with attack vector local, low attack complexity, low privileges required, no user interaction, and impacts on confidentiality, integrity, and availability at a low level. The issue is part of a broader set of security updates released by Apple on March 5, 2024, which also address multiple other vulnerabilities across Apple platforms.
Potential Impact
An app with local access and low privileges could exploit this logic flaw to read sensitive user data that should be protected. The impact includes potential unauthorized disclosure of user-sensitive information, with low impacts on integrity and availability. There are no reports of active exploitation in the wild. The vulnerability could compromise user privacy if exploited.
Mitigation Recommendations
Apple has released official fixes for this vulnerability in iOS 17.4 and iPadOS 17.4. Users and administrators should update affected devices to these versions or later to remediate the issue. No additional mitigation steps are required beyond applying the official update.
CVE-2024-23290: An app may be able to access user-sensitive data in Apple iOS and iPadOS
Description
CVE-2024-23290 is a logic vulnerability in Apple iOS and iPadOS that could allow an app to access user-sensitive data. This issue was addressed by Apple through improved restrictions and state management. The vulnerability affects iOS and iPadOS versions prior to 17. 4. Apple released fixes for this issue in iOS 17. 4 and iPadOS 17. 4 on March 5, 2024. The CVSS score is 5. 3, indicating a medium severity level. There are no known exploits in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-23290 is a logic issue in Apple iOS and iPadOS that allowed an app to access sensitive user data due to insufficient restrictions. Apple addressed this vulnerability by improving state management and applying stricter access controls. The fix was included in iOS 17.4 and iPadOS 17.4 releases. The vulnerability has a CVSS 3.1 base score of 5.3 (medium severity), with attack vector local, low attack complexity, low privileges required, no user interaction, and impacts on confidentiality, integrity, and availability at a low level. The issue is part of a broader set of security updates released by Apple on March 5, 2024, which also address multiple other vulnerabilities across Apple platforms.
Potential Impact
An app with local access and low privileges could exploit this logic flaw to read sensitive user data that should be protected. The impact includes potential unauthorized disclosure of user-sensitive information, with low impacts on integrity and availability. There are no reports of active exploitation in the wild. The vulnerability could compromise user privacy if exploited.
Mitigation Recommendations
Apple has released official fixes for this vulnerability in iOS 17.4 and iPadOS 17.4. Users and administrators should update affected devices to these versions or later to remediate the issue. No additional mitigation steps are required beyond applying the official update.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-01-12T22:22:21.501Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690a47596d939959c8022ca0
Added to database: 11/4/2025, 6:35:05 PM
Last enriched: 4/9/2026, 11:09:06 PM
Last updated: 5/9/2026, 8:37:23 AM
Views: 40
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.