CVE-2024-23218 in macOS
Summary
by MITRE • 01/23/2024
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.
Analysis
by VulDB Data Team • 04/02/2026
This vulnerability is a timing side channel in Apple's cryptographic libraries, specifically in the RSA PKCS#1 v1.5 decryption routine, whose execution time varied with the contents of the decrypted block. Such variation arises when the decryption and padding-check code takes different paths depending on the input, for example bailing out as soon as a header byte is wrong or as soon as the padding separator is found. It belongs to the family of Bleichenbacher-style padding-oracle attacks: an attacker who can submit chosen ciphertexts to a decryption service and time the responses learns, from the timing alone, whether each decrypted block was correctly padded, and can turn that one bit per query into the plaintext of a target ciphertext.
The flaw is that decryption did not take the same time regardless of the input. When processing RSA PKCS#1 v1.5 ciphertexts, the routine's behaviour varied with the structure of the decrypted, padded block, producing measurable timing differences that an attacker can observe and analyse. VulDB classifies the weakness as CWE-385 (Covert Timing Channel); CWE-208 (Observable Timing Discrepancy) describes it more precisely. The issue particularly affects legacy PKCS#1 v1.5 code paths, in which padding verification is written as a sequence of conditional branches that return early depending on the validity of the padding structure, so the position at which the check fails leaks through the elapsed time.
The impact goes beyond information disclosure: with enough queries, the attacker decrypts a ciphertext without possessing the private key. The prerequisites should be stated clearly. The attacker needs a decryption oracle, that is, a service on the device that decrypts attacker-supplied ciphertexts with the victim's key (the classic case is the RSA key exchange in TLS), and needs to measure its response time over a large number of queries. What is recovered is the plaintext of the targeted ciphertext, not the private key; the key itself is not exposed, but it no longer protects messages. This undermines the basic guarantee of public-key encryption, that knowledge of the public key and the ciphertext alone must not reveal the plaintext. Apple shipped the fix for iOS, iPadOS, macOS (Monterey, Ventura and Sonoma), tvOS and watchOS, so the affected routine is shared across the whole product line, and any application using the system cryptographic framework to decrypt PKCS#1 v1.5 ciphertexts was exposed.
Apple addressed the issue with constant-time computation: the decryption and padding check now do the same work in the same order regardless of the input, so the observable time no longer depends on whether the decrypted block is well formed. The fixes shipped in iOS 16.7.6, iPadOS 16.7.6, iOS 17.3, iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3 and watchOS 10.3. Two practitioner points follow. First, update all affected devices; an application cannot work around a timing leak in the platform's RSA implementation on its own. Second, constant-time code removes this timing channel but not the padding oracle inherent in PKCS#1 v1.5 encryption: if the caller still returns a distinguishable error on bad padding, an attacker with any other channel retains an oracle. New designs should use RSA-OAEP or a hybrid construction, and protocol code that must keep PKCS#1 v1.5 should treat padding failures indistinguishably from success, as TLS does by substituting a random premaster secret.
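The branching padding check described in the analysis and the constant-time shape of the fix, side by side, as an added illustration. This is example code written for this page, not Apple's implementation, and Python cannot itself guarantee constant time; the point is structural. A step counter stands in for wall-clock time: the early-exit version's count depends on where the block first looks wrong, while the other does identical work for every input and, on a malformed block, returns a pseudorandom message derived from a secret and the ciphertext (implicit rejection, a mitigation used by several libraries) instead of an error. The 32-byte modulus, the fixed padding bytes, the rejection secret and the ciphertext stand-in are constructed test values.

```python
"""RSAES-PKCS#1 v1.5 unpadding, early-exit vs constant-trace with implicit rejection.

Example written for this page (not Apple's code).  A step counter replaces
wall-clock timing so the leak is visible deterministically.
"""
import hashlib
import hmac
from typing import Optional, Tuple

K = 32  # modulus length in bytes; constructed, tiny value (real keys are >= 256)

# Block layout (RFC 8017, 7.2): 0x00 || 0x02 || PS (>= 8 nonzero bytes) || 0x00 || M


def unpad_leaky(em: bytes) -> Tuple[Optional[bytes], int]:
    """Branchy check.  The returned step count depends on *where* the block
    first looks wrong, which is exactly the timing signal an attacker uses."""
    steps = 1
    if len(em) != K or em[0] != 0x00 or em[1] != 0x02:
        return None, steps
    for i in range(2, K):
        steps += 1
        if em[i] == 0x00:
            if i - 2 < 8:                 # padding string shorter than 8 bytes
                return None, steps
            return em[i + 1:], steps
    return None, steps                    # no separator found


def _is_zero(x: int) -> int:
    """1 if x == 0 else 0, for 0 <= x < 256, without a branch."""
    return ((x - 1) >> 8) & 1


def _select(cond: int, a: int, b: int) -> int:
    """a if cond == 1 else b, for non-negative a, b, without a branch."""
    return (a & -cond) | (b & (cond - 1))


def unpad_ct(em: bytes, rejection_key: bytes, ciphertext: bytes) -> Tuple[bytes, int]:
    """Visits every byte regardless of content, accumulates a 'bad' flag with
    masks, and on failure returns a pseudorandom message derived from a secret
    and the ciphertext instead of an error.  The secret is constructed here;
    real implementations derive it from the private key."""
    assert len(em) == K                   # length equals the modulus size: public
    steps = 0
    bad = 1 - _is_zero(em[0])             # first byte must be 0x00
    bad |= 1 - _is_zero(em[1] ^ 0x02)     # second byte must be 0x02
    found, sep = 0, 0                     # seen a separator yet? at which index?
    for i in range(2, K):
        steps += 1
        z = _is_zero(em[i])
        first = z & (1 - found)           # 1 only for the first 0x00 after the header
        sep = _select(first, i, sep)
        found |= z
    bad |= 1 - found                      # no separator at all
    bad |= ((sep - 10) >> 31) & 1         # sep < 10 means fewer than 8 padding bytes

    # Synthetic message for implicit rejection: deterministic per ciphertext, so
    # repeated queries of the same ciphertext cannot be told apart from success.
    synth = hmac.new(rejection_key, ciphertext, hashlib.sha256).digest() * (K // 32 + 1)
    synth_len = synth[-1] % (K - 10)      # 0 .. K-11, the legal message lengths
    out_len = _select(bad, synth_len, K - sep - 1)
    out = bytearray(K - 11)               # longest legal message
    for j in range(K - 11):
        steps += 1
        out[j] = _select(bad, synth[j], em[(sep + 1 + j) % K])
    return bytes(out[:out_len]), steps    # only the length of the result varies


def make_block(msg: bytes, ps_len: int) -> bytes:
    """Well-formed block with fixed padding bytes (constructed; real encryption
    uses random nonzero bytes)."""
    assert ps_len >= 8 and 2 + ps_len + 1 + len(msg) == K
    return b"\x00\x02" + b"\xaa" * ps_len + b"\x00" + msg


# Constructed inputs: one valid block and three that fail at different points.
REJECTION_KEY = b"constructed per-key secret"
CIPHERTEXT = b"\x7f" * K                  # stand-in for the RSA ciphertext
GOOD = make_block(b"hello, world!", 16)   # separator at index 18
BAD_HEADER = b"\x01" + GOOD[1:]           # wrong leading byte
SHORT_PS = b"\x00\x02" + b"\xaa" * 3 + b"\x00" + b"X" * 26   # separator at index 5
NO_SEP = b"\x00\x02" + b"\xaa" * 30       # never a 0x00 after the header

INPUTS = [("bad_header", BAD_HEADER), ("short_ps", SHORT_PS),
          ("good", GOOD), ("no_sep", NO_SEP)]


def leaky_trace() -> dict:
    """Step counts of the early-exit version: they differ per input."""
    return {name: unpad_leaky(blk)[1] for name, blk in INPUTS}


def ct_trace() -> dict:
    """Step counts of the constant-trace version: identical for every input."""
    return {name: unpad_ct(blk, REJECTION_KEY, CIPHERTEXT)[1] for name, blk in INPUTS}


if __name__ == "__main__":
    print("early-exit steps :", leaky_trace())
    print("constant steps   :", ct_trace())
    print("good ->", unpad_ct(GOOD, REJECTION_KEY, CIPHERTEXT)[0])
    print("bad  ->", unpad_ct(BAD_HEADER, REJECTION_KEY, CIPHERTEXT)[0].hex())
```

The three malformed blocks give the early-exit version step counts of 1, 5 and 31 against 18 for the valid one, which is the distinguisher a Bleichenbacher-style attack needs; the constant-trace version reports 51 for all four, and the three failures yield the same synthetic message because they share a ciphertext. The remaining observable, the length of the returned message, is inherent to the API and is why protocol-level callers should also consume the result without branching on validity.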