CVE-2024-23218

Description

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.

References

https://support.apple.com/kb/HT214085

https://support.apple.com/kb/HT214083

https://support.apple.com/kb/HT214082

https://support.apple.com/en-us/HT214061

https://support.apple.com/en-us/HT214060

https://support.apple.com/en-us/HT214059

https://support.apple.com/en-us/HT214055

http://seclists.org/fulldisclosure/2024/Mar/23

http://seclists.org/fulldisclosure/2024/Mar/22

http://seclists.org/fulldisclosure/2024/Jan/40

http://seclists.org/fulldisclosure/2024/Jan/39

http://seclists.org/fulldisclosure/2024/Jan/36

http://seclists.org/fulldisclosure/2024/Jan/33

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3