{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-23255","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2024-01-12T22:22:21.487Z","datePublished":"2024-03-08T01:36:16.498Z","dateUpdated":"2026-04-02T18:26:20.862Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"Photos in the Hidden Photos Album may be viewed without authentication"}]}],"affected":[{"vendor":"Apple","product":"iOS and iPadOS","versions":[{"version":"0","status":"affected","lessThan":"17.4","versionType":"custom"}]},{"vendor":"Apple","product":"macOS","versions":[{"version":"0","status":"affected","lessThan":"14.4","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication."}],"references":[{"url":"https://support.apple.com/en-us/120893"},{"url":"https://support.apple.com/en-us/120895"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2026-04-02T18:26:20.862Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT214081","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT214084","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/21","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT214084"},{"url":"https://support.apple.com/kb/HT214081"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T18:25:59.927Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-863","lang":"en","description":"CWE-863 Incorrect Authorization"}]}],"affected":[{"vendor":"apple","product":"macos","cpes":["cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"14.4","versionType":"custom"}]},{"vendor":"apple","product":"ios","cpes":["cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"17.4","versionType":"custom"}]},{"vendor":"apple","product":"ipados","cpes":["cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"17.4","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.1,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-11-05T14:47:13.410010Z","id":"CVE-2024-23255","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-05T14:47:23.273Z"}}]}}