Logic Flaw in macOS Sonoma Enables Unauthorized Access to Removable Volumes
CVE-2023-40430

5.5MEDIUM

Key Information:

Vendor: Apple
Status: macOS
Vendor: CVE Published:; 10 January 2024

Summary

A logic flaw has been identified in macOS Sonoma 14, which potentially allows applications to gain access to removable volumes without obtaining user's explicit consent. This vulnerability raises significant concerns regarding user privacy and data security, as unauthorized access to removable storage can lead to sensitive information being compromised. Apple has addressed this issue with enhanced checks to prevent such unauthorized access, emphasizing the importance of user consent in data usage.

Affected Version(s)

macOS < 14

References

https://support.apple.com/en-us/HT213940

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2024
Vulnerability Reserved
Aug 14, 2023