Arbitrary Code Execution Vulnerability in Xcode by Apple
CVE-2023-27967

8.6HIGH

Key Information:

Vendor: Apple
Status: Xcode
Vendor: CVE Published:; 8 May 2023

What is CVE-2023-27967?

The vulnerability in Xcode arises from inadequate memory handling, which allows an application to execute arbitrary code outside its designated sandbox environment, potentially leading to unauthorized access and actions with elevated privileges. This issue has been resolved in Xcode version 14.3, enhancing overall app security and protecting against exploitation.

Affected Version(s)

Xcode < 14.3

References

https://support.apple.com/en-us/HT213679

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2023
Vulnerability Reserved
Mar 8, 2023