CVE-2024-23295: An unauthenticated user may be able to use an unprotected Persona in Apple visionOS
CVE-2024-23295 is a permissions vulnerability in Apple visionOS that allowed an unauthenticated user to use an unprotected Persona. This issue was addressed in visionOS 1. 1 by implementing additional entitlement checks to ensure Personas are always protected. The vulnerability has a CVSS score of 6. 2, indicating a medium severity. There are no known exploits in the wild. The vendor advisory confirms that the issue is fixed in visionOS 1. 1.
AI Analysis
Technical Summary
CVE-2024-23295 describes a permissions issue in Apple visionOS where an unauthenticated user could use an unprotected Persona. Apple fixed this vulnerability in visionOS 1.1 by adding entitlement checks to ensure that Personas are properly protected. The vulnerability is rated medium severity with a CVSS 3.1 base score of 6.2 (Attack Vector: Local, Attack Complexity: Low, Privileges Required: None, User Interaction: None, Scope: Unchanged, Impact: High Confidentiality, No Integrity or Availability impact).
Potential Impact
An unauthenticated user could potentially use an unprotected Persona, which may lead to unauthorized access to certain user contexts or data associated with that Persona. The impact is primarily on confidentiality, with no reported impact on integrity or availability. There are no known exploits in the wild, and the issue is resolved in visionOS 1.1.
Mitigation Recommendations
Apply the official update to visionOS 1.1, which includes the fix for this vulnerability through additional entitlement checks to protect Personas. No further action is required beyond updating to the patched version as per the Apple advisory.
CVE-2024-23295: An unauthenticated user may be able to use an unprotected Persona in Apple visionOS
Description
CVE-2024-23295 is a permissions vulnerability in Apple visionOS that allowed an unauthenticated user to use an unprotected Persona. This issue was addressed in visionOS 1. 1 by implementing additional entitlement checks to ensure Personas are always protected. The vulnerability has a CVSS score of 6. 2, indicating a medium severity. There are no known exploits in the wild. The vendor advisory confirms that the issue is fixed in visionOS 1. 1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-23295 describes a permissions issue in Apple visionOS where an unauthenticated user could use an unprotected Persona. Apple fixed this vulnerability in visionOS 1.1 by adding entitlement checks to ensure that Personas are properly protected. The vulnerability is rated medium severity with a CVSS 3.1 base score of 6.2 (Attack Vector: Local, Attack Complexity: Low, Privileges Required: None, User Interaction: None, Scope: Unchanged, Impact: High Confidentiality, No Integrity or Availability impact).
Potential Impact
An unauthenticated user could potentially use an unprotected Persona, which may lead to unauthorized access to certain user contexts or data associated with that Persona. The impact is primarily on confidentiality, with no reported impact on integrity or availability. There are no known exploits in the wild, and the issue is resolved in visionOS 1.1.
Mitigation Recommendations
Apply the official update to visionOS 1.1, which includes the fix for this vulnerability through additional entitlement checks to protect Personas. No further action is required beyond updating to the patched version as per the Apple advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-01-12T22:22:21.502Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690a47596d939959c8022cd3
Added to database: 11/4/2025, 6:35:05 PM
Last enriched: 4/9/2026, 11:09:44 PM
Last updated: 5/9/2026, 8:56:28 AM
Views: 53
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.