CVE-2024-23223: 
macOS vulnerability analysis and mitigation

A privacy vulnerability (CVE-2024-23223) was discovered in Apple's operating systems that allows applications to access sensitive user data through improper file handling. The issue affects multiple Apple platforms including macOS Sonoma (versions up to 14.3), watchOS (versions up to 10.3), tvOS (versions up to 17.3), iOS (versions up to 17.3) and iPadOS (versions up to 17.3). The vulnerability was discovered by Noah Roskin-Frazee and Prof. J. from the ZeroClicks.ai Lab and was patched by Apple on January 22, 2024 (Apple iOS, Apple macOS).

The vulnerability exists in the NSSpellChecker component of affected Apple operating systems and is characterized as a privacy issue related to improper file handling. The vulnerability has been assigned a CVSS v3.1 base score of 6.2 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating local access is required but no privileges or user interaction are needed to exploit the vulnerability (NVD).

The vulnerability allows a malicious application to access sensitive user data through improper file handling in the NSSpellChecker component. This could potentially lead to unauthorized access to private information stored on affected devices (Apple iOS).

Apple has addressed this vulnerability by improving the handling of files in the affected systems. Users should update to macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3, or iPadOS 17.3 or later versions to protect against this vulnerability (Apple iOS, Apple macOS).