Logic Flaw in Apple Products Leading to Privacy Preference Bypass
CVE-2023-23503

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS and iPadOS; tvOS; macOS; watchOS
Vendor: CVE Published:; 27 February 2023

Summary

A logic issue within Apple's macOS and iOS platforms has been identified, which could allow applications to bypass user-defined privacy preferences. This vulnerability was resolved with enhanced state management in the latest software updates. Users are encouraged to update their devices to the latest versions to mitigate potential risks associated with this flaw, ensuring better protection of their privacy settings.

Affected Version(s)

iOS and iPadOS < 16.3

iOS and iPadOS < 15.7

macOS < 13.2

References

https://support.apple.com/en-us/HT213606

https://support.apple.com/en-us/HT213601

https://support.apple.com/en-us/HT213598

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jan 12, 2023