Main Vulnerability Database Vulnerabilities #VU85678

#VU85678 Security features bypass in Apple iOS and iPadOS - CVE-2024-23219

Published: January 22, 2024

Vulnerability identifier: #VU85678

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-23219

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Apple iOS
iPadOS

Software vendor:
Apple Inc.

Description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the Reset Services component, which can lead to disabling the Stolen Device Protection feature. An attacker with physical access to the device can gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://support.apple.com/en-us/HT214059

#VU85678 Security features bypass in Apple iOS and iPadOS - CVE-2024-23219

Description

Remediation

External links

Please verify you're human