CVE-2024-23282

Summary

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.

Affected Software

VendorProductVersion RangeStatus
AppleiOS and iPadOS0 < 16.7.8affected
AppleiOS and iPadOS0 < 17.5affected
ApplemacOS0 < 14.5affected
ApplewatchOS0 < 10.5affected

Weaknesses

  • A maliciously crafted email may be able to initiate FaceTime calls without user authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References