Main Vulnerability Database Vulnerabilities #VU95287

#VU95287 Improper Authentication in macOS - CVE-2024-23251

Published: August 5, 2024

Vulnerability identifier: #VU95287

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-23251

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
macOS

Software vendor:
Apple Inc.

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to an error in Mail. An attacker with physical access to the system can leak Mail account credentials.

Install updates from vendor's website.