Privilege Escalation Vulnerability in Apple Operating Systems
CVE-2023-38410

7.8HIGH

Key Information:

Vendor: Apple
Status: iOS and iPadOS; macOS
Vendor: CVE Published:; 27 July 2023

What is CVE-2023-38410?

This vulnerability in Apple’s operating systems allows a user to potentially elevate their privileges, thereby gaining unauthorized access to sensitive system resources. It has been addressed with enhanced checks and is resolved in the latest updates to iOS, iPadOS, and macOS. Users are encouraged to update their devices to minimize risk.

Affected Version(s)

iOS and iPadOS < 16.6

macOS < 13.5

References

https://support.apple.com/en-us/HT213841

https://support.apple.com/en-us/HT213843

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2023
Vulnerability Reserved
Jul 20, 2023