Credential Access Vulnerability in Apple Xcode Product
CVE-2023-40435

5.5MEDIUM

Key Information:

Vendor
Apple
Status
Xcode
Vendor
CVE Published:
27 September 2023

Summary

This vulnerability affects Apple's Xcode product where an app may inadvertently access App Store credentials. The issue was mitigated by enabling a hardened runtime, which enhances security by restricting certain actions that could be exploited. Users are encouraged to update to the latest version, Xcode 15, to ensure they are protected from this and other vulnerabilities.

Affected Version(s)

Xcode < 15

References

https://support.apple.com/en-us/HT213939
http://seclists.org/fulldisclosure/2023/Oct/7

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.