Memory Handling Vulnerability in Apple Operating Systems
CVE-2023-23500

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS and iPadOS; tvOS; macOS; watchOS
Vendor: CVE Published:; 27 February 2023

Summary

A memory handling issue has been identified in various Apple operating systems, potentially allowing applications to leak sensitive kernel state information. This vulnerability has been addressed with updates in macOS Ventura 13.2, iOS 16.3, iPadOS 16.3, as well as earlier versions such as iOS 15.7.3 and iPadOS 15.7.3, along with recent updates to tvOS and watchOS. Users are strongly encouraged to update their devices to mitigate this risk.

Affected Version(s)

iOS and iPadOS < 16.3

iOS and iPadOS < 15.7

macOS < 13.2

References

https://support.apple.com/en-us/HT213606

https://support.apple.com/en-us/HT213601

https://support.apple.com/en-us/HT213598

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jan 12, 2023