Fingerprinting Vulnerability in Apple Operating Systems
CVE-2023-42831

5.5MEDIUM

Key Information:

Vendor: Apple
Status: macOS; iOS and iPadOS
Vendor: CVE Published:; 10 January 2024

Summary

A flaw in certain Apple operating systems has been identified where applications may exploit the vulnerability to fingerprint users, allowing unauthorized tracking and identification. This issue has been mitigated in the latest updates with the removal of the problematic code. Users are encouraged to update their devices promptly to safeguard personal information and enhance overall security. The affected products were addressed in version updates, highlighting Apple's commitment to protecting user privacy.

Affected Version(s)

iOS and iPadOS < 15.7

macOS < 13.5

macOS < 11.7

References

https://support.apple.com/en-us/HT213843

https://support.apple.com/en-us/HT213842

https://support.apple.com/en-us/HT213845

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2024
Vulnerability Reserved
Sep 14, 2023