#VU87244 Spoofing attack in macOS - CVE-2024-23277

Cybersecurity Help s.r.o.

Published: 2024-03-07

Vulnerability identifier: #VU87244

Vulnerability risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-23277

CWE-ID: CWE-451

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
macOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to improper input validation in Bluetooth. An attacker with access to a privileged local network can inject keystrokes by spoofing a keyboard.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

macOS: 14.0 23A344 - 14.3.1 23D60

External links
https://support.apple.com/en-us/HT214084

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Apple macOS Sonoma

Multiple vulnerabilities in Apple iOS 17 and iPadOS 17