Sandboxed Application Vulnerability in Apple Xcode and macOS Versions
CVE-2023-27945

6.3MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS; Xcode
Vendor: CVE Published:; 8 May 2023

Summary

A vulnerability has been identified in Apple's Xcode and certain versions of macOS, where a sandboxed application could potentially access sensitive system logs. This was addressed by implementing enhanced entitlements to restrict the capabilities of applications in a restricted environment. The issue has been resolved in the latest updates of Xcode and macOS, ensuring improved security measures are in place to protect system data from unauthorized access.

Affected Version(s)

macOS < 12.6

macOS < 11.7

Xcode < 14.3

References

https://support.apple.com/en-us/HT213759

https://support.apple.com/en-us/HT213679

https://support.apple.com/en-us/HT213760

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 8, 2023
Vulnerability Reserved
Mar 8, 2023