Data Exposure Vulnerability in Apple's macOS and iOS Products
CVE-2023-23499

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS and iPadOS; tvOS; macOS; watchOS
Vendor: CVE Published:; 27 February 2023

Summary

A vulnerability in Apple's operating systems allows applications to potentially access user-sensitive data without proper protection. This issue has been resolved through the implementation of a hardened runtime, which reinforces security measures to prevent unauthorized data access. Users are encouraged to update to the latest versions of macOS Monterey, macOS Ventura, watchOS, tvOS, iOS, and iPadOS to mitigate potential exposure risks.

Affected Version(s)

iOS and iPadOS < 16.3

macOS < 11.7

macOS < 13.2

References

https://support.apple.com/en-us/HT213606

https://support.apple.com/en-us/HT213601

https://support.apple.com/en-us/HT213603

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jan 12, 2023