Arbitrary Code Execution Vulnerability in Xcode by Apple
CVE-2023-27967

8.6 HIGH

Key Information:

Vendor: Apple
Status: Vendor
CVE Published: 8 May 2023

Summary

The vulnerability in Xcode arises from inadequate memory handling, which allows an application to execute arbitrary code outside its designated sandbox, potentially leading to unauthorized access and actions with elevated privileges. The issue is resolved in Xcode 14.3.

Affected Version(s)

Xcode < 14.3

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
