
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-23211 is a privacy vulnerability discovered in Apple's Safari browser and related operating systems that was disclosed on January 22, 2024. The vulnerability affects multiple Apple products including Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, and watchOS 10.3. The issue allows a user's private browsing activity to be visible in Settings (Apple Support, NVD).
The vulnerability is classified with a CVSS v3.1 Base Score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The issue stems from improper handling of user preferences related to private browsing functionality. The vulnerability requires local access and user interaction to be exploited (NVD).
When exploited, the vulnerability allows unauthorized visibility of a user's private browsing activity through the Settings interface, potentially compromising user privacy and browsing confidentiality (Apple Support).
Apple has addressed this privacy issue by improving the handling of user preferences in the following software updates: Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, and watchOS 10.3. Users should update their devices to these versions to mitigate the vulnerability (Apple Support).
Source: This report was generated using AI