Memory Handling Vulnerability in Apple macOS, iOS, and Other Products
CVE-2023-23511

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS and iPadOS; tvOS; macOS; watchOS
Vendor: CVE Published:; 27 February 2023

Summary

A vulnerability in Apple products related to memory handling has been identified, allowing certain applications to potentially bypass user Privacy preferences. This issue impacts macOS, iOS, iPadOS, tvOS, and watchOS. Apple has addressed this security concern in multiple updates across its operating systems, specifically in versions macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3, iPadOS 16.3, tvOS 16.3, and watchOS 9.3. Users are encouraged to update their devices to the latest versions to ensure protection against this vulnerability.

Affected Version(s)

iOS and iPadOS < 16.3

macOS < 13.2

macOS < 12.6

References

https://support.apple.com/en-us/HT213606

https://support.apple.com/en-us/HT213601

https://support.apple.com/en-us/HT213605

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jan 12, 2023