Vulnerabilities > CVE-2024-23218 - Information Exposure Through Discrepancy vulnerability in Apple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://support.apple.com/en-us/HT214059
- https://support.apple.com/en-us/HT214055
- https://support.apple.com/en-us/HT214060
- https://support.apple.com/en-us/HT214061
- http://seclists.org/fulldisclosure/2024/Jan/33
- http://seclists.org/fulldisclosure/2024/Jan/36
- http://seclists.org/fulldisclosure/2024/Jan/39
- http://seclists.org/fulldisclosure/2024/Jan/40
- https://support.apple.com/kb/HT214082
- https://support.apple.com/kb/HT214083
- https://support.apple.com/kb/HT214085
- http://seclists.org/fulldisclosure/2024/Mar/22
- http://seclists.org/fulldisclosure/2024/Mar/23