CVE-2024-23245
LOWDescription
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| apple | macos |
| apple | macos |
| apple | macos |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2024-23245? +
How severe is CVE-2024-23245? +
What products are affected by CVE-2024-23245? +
How do I check if I'm vulnerable to CVE-2024-23245? +
Related Vulnerabilities
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may …
This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app …
Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer …
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, …
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS …
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, …