Privacy Vulnerability in Apple macOS, iOS, and watchOS Products
CVE-2023-23505

3.3LOW

Key Information:

Vendor: Apple
Status: iOS and iPadOS; macOS; watchOS
Vendor: CVE Published:; 27 February 2023

Summary

A privacy issue has been identified in various Apple products, allowing applications to potentially access sensitive information about a user’s contacts without proper authorization. Improved private data redaction has been implemented in the latest versions of macOS, iOS, and watchOS to mitigate this vulnerability and enhance user privacy. Users are strongly advised to update their devices to the latest versions to ensure their personal information remains protected.

Affected Version(s)

iOS and iPadOS < 16.3

iOS and iPadOS < 15.7

macOS < 11.7

References

https://support.apple.com/en-us/HT213606

https://support.apple.com/en-us/HT213603

https://support.apple.com/en-us/HT213598

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jan 12, 2023