Privacy Bypass in Apple iOS, iPadOS, tvOS, and macOS
CVE-2023-32422

5.5MEDIUM

Key Information:

Vendor

Apple
Status
Mac OS
iOS And iPad OS
TV OS
Vendor
CVE Published:
23 June 2023

Badges

👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2023-32422?

A vulnerability has been identified in Apple devices that permits certain applications to bypass user-defined privacy preferences due to insufficient logging restrictions within SQLite. This flaw affects multiple operating systems, specifically iOS, iPadOS, tvOS, and macOS, and has been addressed in recent updates. Users are encouraged to upgrade to the latest versions to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iOS and iPadOS < 16.5

macOS < 13.4

tvOS < 16.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-32422-a-macOS-TCC-bypass-in-sqlite
Created by gergelykalman

News Articles

favicon imagegergelykalman.com

Gergely's hack blog

Gergely's blog about hacking, privacy, and everything else

References

https://support.apple.com/en-us/HT213758
https://support.apple.com/en-us/HT213757
https://support.apple.com/en-us/HT213761

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by gergelykalman.com

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.