Privacy Bypass in Apple iOS, iPadOS, tvOS, and macOS
CVE-2023-32422

5.5MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS; iOS And iPad OS; TV OS
Vendor: CVE Published:; 23 June 2023

Badges

👾 Exploit Exists🟡 Public PoC📰 News Worthy

Summary

A vulnerability has been identified in Apple devices that permits certain applications to bypass user-defined privacy preferences due to insufficient logging restrictions within SQLite. This flaw affects multiple operating systems, specifically iOS, iPadOS, tvOS, and macOS, and has been addressed in recent updates. Users are encouraged to upgrade to the latest versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

iOS and iPadOS < 16.5

macOS < 13.4

tvOS < 16.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-32422-a-macOS-TCC-bypass-in-sqlite
Created by gergelykalman

News Articles

gergelykalman.com

CVE-2023-32428 CVE-2023-32422

Gergely's hack blog

Gergely's blog about hacking, privacy, and everything else

References

https://support.apple.com/en-us/HT213758

https://support.apple.com/en-us/HT213757

https://support.apple.com/en-us/HT213761

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

📰
First article discovered by gergelykalman.com
Nov 29, 2024
🟡
Public PoC available
Nov 15, 2023
👾
Exploit known to exist
Nov 15, 2023
Vulnerability published
Jun 23, 2023
Vulnerability Reserved
May 8, 2023

Key Information:

Badges

Summary

Affected Version(s)

Exploit Proof of Concept (PoC)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Gergely's hack blog

References

CVSS V3.1

Timeline