Out-of-Bounds Read Vulnerability in Apple Bluetooth Products
CVE-2023-23528

6.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS and iPadOS; tvOS
Vendor: CVE Published:; 8 May 2023

What is CVE-2023-23528?

An out-of-bounds read vulnerability exists in the Bluetooth services of Apple devices. This flaw allows attackers to craft specially designed Bluetooth packets that could lead to unauthorized disclosure of process memory. Apple has addressed this issue in tvOS 16.4, iOS 16.4, and iPadOS 16.4 through enhanced bounds checking measures, ensuring that potential risks associated with this vulnerability are significantly mitigated.

Affected Version(s)

iOS and iPadOS < 16.4

tvOS < 16.4

References

https://support.apple.com/en-us/HT213676

https://support.apple.com/en-us/HT213674

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2023
Vulnerability Reserved
Jan 12, 2023