Kernel Memory Disclosure in Apple Products
CVE-2023-42884

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS and iPadOS; macOS; tvOS
Vendor: CVE Published:; 12 December 2023

Summary

A vulnerability exists in certain Apple products that may allow an application to disclose kernel memory, potentially revealing sensitive information. This issue was addressed by implementing improved redaction techniques to mitigate the risk. Users of affected versions should upgrade to the latest releases to ensure their systems are secure against this type of vulnerability.

Affected Version(s)

iOS and iPadOS < 17.2

iOS and iPadOS < 16.7

macOS < 13.6

References

https://support.apple.com/en-us/HT214035

https://support.apple.com/en-us/HT214034

https://support.apple.com/en-us/HT214038

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Sep 14, 2023