VYPR
Low severity · 3.3 · NVD Advisory · Published Mar 8, 2024 · Updated Apr 2, 2026

CVE-2024-23289

Description

A lock screen issue in Apple OSes allows a person with physical access to a device to retrieve private calendar data via Siri. It is patched in recent updates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability Overview

CVE-2024-23289 is a lock screen issue in Apple iOS, iPadOS, macOS, and watchOS that could allow a person with physical access to a device to use Siri to access private calendar information. The vulnerability was addressed through improved state management on the lock screen.

Exploitation

Exploitation requires physical access to the device. With Siri accessible from the lock screen, an attacker could query calendar information without authentication, bypassing the intended lock screen restrictions.

Impact

Successful exploitation leads to unauthorized disclosure of private calendar data, potentially exposing sensitive scheduled events and personal information.

Mitigation

The issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, and watchOS 10.4 [1][4]. Users are advised to update their devices to the latest available versions.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 7

References: 14
