Information Disclosure Vulnerability in Apple Software
CVE-2023-23502

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS and iPadOS; tvOS; macOS; watchOS
Vendor: CVE Published:; 27 February 2023

Summary

An information disclosure vulnerability has been identified that could allow a malicious app to gain insights into kernel memory layout. This was addressed by removing the problematic code across several Apple operating systems, enhancing user security and privacy. The fix has been implemented in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3, iPadOS 16.3, tvOS 16.3, and watchOS 9.3.

Affected Version(s)

iOS and iPadOS < 16.3

macOS < 13.2

macOS < 12.6

References

https://support.apple.com/en-us/HT213606

https://support.apple.com/en-us/HT213601

https://support.apple.com/en-us/HT213605

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jan 12, 2023