cvelistv5 - cve-2023-23508

CVE-2023-23508 (GCVE-0-2023-23508)

Vulnerability from cvelistv5 – Published: 2023-02-27 00:00 – Updated: 2025-03-11 15:43

Summary

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

An app may be able to bypass Privacy preferences

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/HT213603
	https://support.apple.com/en-us/HT213605
	https://support.apple.com/en-us/HT213604

Impacted products

Vendor

Product

Version

Apple

macOS

Affected: unspecified , < 11.7 (custom)

	Apple	macOS	Affected: unspecified , < 13.2 (custom)
	Apple	macOS	Affected: unspecified , < 12.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:35:32.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213603"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213605"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213604"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-23508",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T15:43:02.541164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T15:43:05.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to bypass Privacy preferences",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-27T03:45:22.635Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213603"
        },
        {
          "url": "https://support.apple.com/en-us/HT213605"
        },
        {
          "url": "https://support.apple.com/en-us/HT213604"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-23508",
    "datePublished": "2023-02-27T00:00:00.000Z",
    "dateReserved": "2023-01-12T00:00:00.000Z",
    "dateUpdated": "2025-03-11T15:43:05.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.7.3\", \"matchCriteriaId\": \"4D13504E-ABCF-4E6F-8984-EADB123DFDD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndExcluding\": \"12.6.3\", \"matchCriteriaId\": \"C71359B9-7DCE-4F45-B03F-77CF313A74EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.2\", \"matchCriteriaId\": \"9CEC72CB-1F5B-4BF5-80F0-357E27855D2A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences.\"}]",
      "id": "CVE-2023-23508",
      "lastModified": "2024-11-21T07:46:19.553",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2023-02-27T20:15:13.940",
      "references": "[{\"url\": \"https://support.apple.com/en-us/HT213603\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213604\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213605\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213603\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213604\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213605\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23508\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2023-02-27T20:15:13.940\",\"lastModified\":\"2025-03-11T16:15:12.953\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.7.3\",\"matchCriteriaId\":\"4D13504E-ABCF-4E6F-8984-EADB123DFDD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.6.3\",\"matchCriteriaId\":\"C71359B9-7DCE-4F45-B03F-77CF313A74EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.2\",\"matchCriteriaId\":\"9CEC72CB-1F5B-4BF5-80F0-357E27855D2A\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213603\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213604\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213605\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213603\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213605\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213603\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213605\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213604\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:35:32.728Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23508\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-11T15:43:02.541164Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-11T15:42:57.771Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"11.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"13.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"12.6\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213603\"}, {\"url\": \"https://support.apple.com/en-us/HT213605\"}, {\"url\": \"https://support.apple.com/en-us/HT213604\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"An app may be able to bypass Privacy preferences\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2023-07-27T03:45:22.635Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-23508\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-11T15:43:05.702Z\", \"dateReserved\": \"2023-01-12T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2023-02-27T00:00:00.000Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2023-0189

Vulnerability from csaf_certbund - Published: 2023-01-23 23:00 - Updated: 2023-09-07 22:00

Summary

Apple macOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme

- MacOS X

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0189 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0189.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0189 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0189"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory HT213603 vom 2023-01-23",
        "url": "https://support.apple.com/en-us/HT213603"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory HT213604 vom 2023-01-23",
        "url": "https://support.apple.com/en-us/HT213604"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory HT213605 vom 2023-01-23",
        "url": "https://support.apple.com/en-us/HT213605"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple macOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-09-07T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:42:11.233+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0189",
      "initial_release_date": "2023-01-23T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-01-23T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-02-21T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE-2023-23520, CVE-2023-23530, CVE-2023-23531 erg\u00e4nzt"
        },
        {
          "date": "2023-06-27T22:00:00.000+00:00",
          "number": "3",
          "summary": "CVE\u0027s erg\u00e4nzt"
        },
        {
          "date": "2023-09-07T22:00:00.000+00:00",
          "number": "4",
          "summary": "CVE\u0027s erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Apple macOS \u003c 11.7.3",
                "product": {
                  "name": "Apple macOS \u003c 11.7.3",
                  "product_id": "T026010",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:11.7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Apple macOS \u003c 12.6.3",
                "product": {
                  "name": "Apple macOS \u003c 12.6.3",
                  "product_id": "T026011",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:12.6.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Apple macOS \u003c 13.2",
                "product": {
                  "name": "Apple macOS \u003c 13.2",
                  "product_id": "T026012",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:13.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "macOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-32438",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-32438"
    },
    {
      "cve": "CVE-2023-32393",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-32393"
    },
    {
      "cve": "CVE-2023-28208",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-28208"
    },
    {
      "cve": "CVE-2023-23539",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23539"
    },
    {
      "cve": "CVE-2023-23531",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23531"
    },
    {
      "cve": "CVE-2023-23530",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23530"
    },
    {
      "cve": "CVE-2023-23520",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23520"
    },
    {
      "cve": "CVE-2023-23519",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23519"
    },
    {
      "cve": "CVE-2023-23518",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23518"
    },
    {
      "cve": "CVE-2023-23517",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23517"
    },
    {
      "cve": "CVE-2023-23516",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23516"
    },
    {
      "cve": "CVE-2023-23513",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23513"
    },
    {
      "cve": "CVE-2023-23512",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23512"
    },
    {
      "cve": "CVE-2023-23511",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23511"
    },
    {
      "cve": "CVE-2023-23510",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23510"
    },
    {
      "cve": "CVE-2023-23508",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23508"
    },
    {
      "cve": "CVE-2023-23507",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23507"
    },
    {
      "cve": "CVE-2023-23506",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23506"
    },
    {
      "cve": "CVE-2023-23505",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23505"
    },
    {
      "cve": "CVE-2023-23504",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23504"
    },
    {
      "cve": "CVE-2023-23503",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23503"
    },
    {
      "cve": "CVE-2023-23502",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23502"
    },
    {
      "cve": "CVE-2023-23501",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23501"
    },
    {
      "cve": "CVE-2023-23500",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23500"
    },
    {
      "cve": "CVE-2023-23499",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23499"
    },
    {
      "cve": "CVE-2023-23498",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23498"
    },
    {
      "cve": "CVE-2023-23497",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23497"
    },
    {
      "cve": "CVE-2023-23496",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23496"
    },
    {
      "cve": "CVE-2023-23493",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2023-23493"
    },
    {
      "cve": "CVE-2022-42916",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-42915",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-3705",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2022-3705"
    },
    {
      "cve": "CVE-2022-35260",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2022-35260"
    },
    {
      "cve": "CVE-2022-35252",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-32915",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2022-32915"
    },
    {
      "cve": "CVE-2022-32221",
      "notes": [
        {
          "category": "description",
          "text": "In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten AppleMobileFileIntegrity, curl, dcerpc, DiskArbitration, DriverKit, IntelGraphicsDriver, PackageKit, Screen Time, libxpc, WebKit, Vim, Wi-Fi, Weather sowie Windows Installer. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, seine Privilegien erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-01-23T23:00:00.000+00:00",
      "title": "CVE-2022-32221"
    }
  ]
}

VAR-202301-1723

Vulnerability from variot - Updated: 2023-12-18 11:19

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences. apple's macOS Exists in unspecified vulnerabilities.Information may be tampered with. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

macOS Monterey 12.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213604.

AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)

curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.86.0. CVE-2022-42915 CVE-2022-42916 CVE-2022-32221 CVE-2022-35260

curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.85.0. CVE-2022-35252

dcerpc Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

DiskArbitration Available for: macOS Monterey Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

DriverKit Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)

Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2023-23507: an anonymous researcher

Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-23504: Adam Doupé of ASU SEFCOM

Kernel Available for: macOS Monterey Impact: An app may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

PackageKit Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2023-23497: Mickey Jin (@patch1t)

Screen Time Available for: macOS Monterey Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)

Weather Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Windows Installer Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23508: Mickey Jin (@patch1t)

Additional recognition

Kernel We would like to acknowledge Nick Stenning of Replicate for their assistance.

macOS Monterey 12.6.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke NxlXeg/+JwvCu4zHuDTptxkKw1gxht0hTTVJvNjgNWj2XFtnOz9kCIupGj/xPTMl P9vABQWRbpEJfCJE31FbUcxRCMcr/jm8dDb1ocx4qsGLlY5iGLQ/M1G6OLxQVajg gGaCSMjW9Zk7l7sXztKj4XcirsB3ft9tiRJwgPUE0znaT70970usFdg+q95CzODm DHVoa5VNLi0zA4178CIiq4WayAZe90cRYYQQ1+Okjhab/U/blfGgEPhA/rrdjQ85 J4NKTXyGBIWl+Ix4HpLikYpnwm/TKyYiY+MogZ6xUmFwnUgXkPCc4gYdPANQk064 KNjy90yq3Os9IBjfDpw+Pqs6I3GMZ0oNYUKWO+45/0NVp5/qjDFt5K7ZS+Xz5Py7 YrodbwaYiESzsdfLja9ILf8X7taDLHxxfHEvWcXnhcMD1XNKU6mpsb8SOLicWYzp 8maZarjhzQl3dQi4Kz3vQk0hKHTIE6/04fRdDpqhM9WXljayLLO7bsryW8u98Y/b fR3BXgfsll+QjdLDeW3nfuY+q2JsW0a2lhJZnxuRQPC+wUGDoCY7vcCbv8zkx0oo y1w8VDBdUjj7vyVSAqoZNlpgl1ebKgciVhTvrgTsyVxuOA94VzDCeI5/6RkjDAJ+ WL2Em8qc4aqXvGEwimKdNkETbyqIRcNVXWhXLVGLsmHvDViVjGQ= =BbMS -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202301-1723",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.6.3"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.2"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.7.3"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.0"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0.0"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "13.0  that\u0027s all  13.2"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "11.0  that\u0027s all  11.7.3"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "12.0.0  that\u0027s all  12.6.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23508"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.7.3",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.6.3",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.2",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-23508"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170698"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2023-23508",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2023-23508",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-23508",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202301-1761",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23508"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-1761"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences. apple\u0027s macOS Exists in unspecified vulnerabilities.Information may be tampered with. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2023-01-23-5 macOS Monterey 12.6.3\n\nmacOS Monterey 12.6.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213604. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2023-23499: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n(wojciechregula.blog)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.86.0. \nCVE-2022-42915\nCVE-2022-42916\nCVE-2022-32221\nCVE-2022-35260\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.85.0. \nCVE-2022-35252\n\ndcerpc\nAvailable for: macOS Monterey\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco\nTalos\n\nDiskArbitration\nAvailable for: macOS Monterey\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)\n\nDriverKit\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2023-23507: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23504: Adam Doup\u00e9 of ASU SEFCOM\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to determine kernel memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23497: Mickey Jin (@patch1t)\n\nScreen Time\nAvailable for: macOS Monterey\nImpact: An app may be able to access information about a user\u2019s\ncontacts\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)\n\nWeather\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an\nanonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nWebKit Bugzilla: 248268\nCVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\nWebKit Bugzilla: 248268\nCVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\n\nWindows Installer\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23508: Mickey Jin (@patch1t)\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Nick Stenning of Replicate for their\nassistance. \n\nmacOS Monterey 12.6.3 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke\nNxlXeg/+JwvCu4zHuDTptxkKw1gxht0hTTVJvNjgNWj2XFtnOz9kCIupGj/xPTMl\nP9vABQWRbpEJfCJE31FbUcxRCMcr/jm8dDb1ocx4qsGLlY5iGLQ/M1G6OLxQVajg\ngGaCSMjW9Zk7l7sXztKj4XcirsB3ft9tiRJwgPUE0znaT70970usFdg+q95CzODm\nDHVoa5VNLi0zA4178CIiq4WayAZe90cRYYQQ1+Okjhab/U/blfGgEPhA/rrdjQ85\nJ4NKTXyGBIWl+Ix4HpLikYpnwm/TKyYiY+MogZ6xUmFwnUgXkPCc4gYdPANQk064\nKNjy90yq3Os9IBjfDpw+Pqs6I3GMZ0oNYUKWO+45/0NVp5/qjDFt5K7ZS+Xz5Py7\nYrodbwaYiESzsdfLja9ILf8X7taDLHxxfHEvWcXnhcMD1XNKU6mpsb8SOLicWYzp\n8maZarjhzQl3dQi4Kz3vQk0hKHTIE6/04fRdDpqhM9WXljayLLO7bsryW8u98Y/b\nfR3BXgfsll+QjdLDeW3nfuY+q2JsW0a2lhJZnxuRQPC+wUGDoCY7vcCbv8zkx0oo\ny1w8VDBdUjj7vyVSAqoZNlpgl1ebKgciVhTvrgTsyVxuOA94VzDCeI5/6RkjDAJ+\nWL2Em8qc4aqXvGEwimKdNkETbyqIRcNVXWhXLVGLsmHvDViVjGQ=\n=BbMS\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-23508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      },
      {
        "db": "VULHUB",
        "id": "VHN-451819"
      },
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170698"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-23508",
        "trust": 3.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004373",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "170698",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-1761",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-451819",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170697",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-451819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      },
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170698"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23508"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-1761"
      }
    ]
  },
  "id": "VAR-202301-1723",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-451819"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:19:12.632000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT213604 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht213603"
      },
      {
        "title": "Apple macOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226933"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-1761"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23508"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht213604"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213603"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213605"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23508"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170698/apple-security-advisory-2023-01-23-6.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-23508/"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23497"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23505"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23499"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23493"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23504"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32915"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213604."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23502"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23518"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213603."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23517"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23513"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-451819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      },
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170698"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23508"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-1761"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-451819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      },
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170698"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23508"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-1761"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-451819"
      },
      {
        "date": "2023-10-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      },
      {
        "date": "2023-01-24T16:41:07",
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "date": "2023-01-24T16:41:28",
        "db": "PACKETSTORM",
        "id": "170698"
      },
      {
        "date": "2023-02-27T20:15:13.940000",
        "db": "NVD",
        "id": "CVE-2023-23508"
      },
      {
        "date": "2023-01-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202301-1761"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-03-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-451819"
      },
      {
        "date": "2023-10-30T04:14:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      },
      {
        "date": "2023-07-27T04:15:13.717000",
        "db": "NVD",
        "id": "CVE-2023-23508"
      },
      {
        "date": "2023-03-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202301-1761"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-1761"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "apple\u0027s \u00a0macOS\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004373"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-1761"
      }
    ],
    "trust": 0.6
  }
}

GHSA-J2PW-6X67-WWJX

Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2023-03-04 03:30

Details

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. An app may be able to bypass Privacy preferences.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-27T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. An app may be able to bypass Privacy preferences.",
  "id": "GHSA-j2pw-6x67-wwjx",
  "modified": "2023-03-04T03:30:19Z",
  "published": "2023-02-27T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23508"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213603"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213604"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213605"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2023-AVI-0056

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions 16.x antérieures à 16.3
Apple	macOS	macOS Monterey versions 12.x antérieures à 12.6.3
Apple	macOS	macOS Ventura versions 13.x antérieures à 13.2
Apple	N/A	iOS versions 15.x antérieures à 15.7.3
Apple	N/A	iOS versions 12.x antérieures à 12.5.7
Apple	Safari	Safari versions 16.x antérieures à 16.3
Apple	macOS	macOS Big Sur versions 11.x antérieures à 11.7.3
Apple	N/A	iPadOS versions 16.x antérieures à 16.3
Apple	N/A	iPadOS versions 15.x antérieures à 15.7.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213600 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213606 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213603 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213605 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213597 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213598 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213604 du 23 janvier 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions 16.x ant\u00e9rieures \u00e0 16.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions 12.x ant\u00e9rieures \u00e0 12.6.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Ventura versions 13.x ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 15.x ant\u00e9rieures \u00e0 15.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 12.x ant\u00e9rieures \u00e0 12.5.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions 16.x ant\u00e9rieures \u00e0 16.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions 11.x ant\u00e9rieures \u00e0 11.7.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 16.x ant\u00e9rieures \u00e0 16.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 15.x ant\u00e9rieures \u00e0 15.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23499"
    },
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2022-35260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35260"
    },
    {
      "name": "CVE-2023-23513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23513"
    },
    {
      "name": "CVE-2023-23510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23510"
    },
    {
      "name": "CVE-2022-32915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32915"
    },
    {
      "name": "CVE-2022-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
    },
    {
      "name": "CVE-2023-23497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23497"
    },
    {
      "name": "CVE-2022-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
    },
    {
      "name": "CVE-2023-23504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23504"
    },
    {
      "name": "CVE-2022-42856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42856"
    },
    {
      "name": "CVE-2023-23498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23498"
    },
    {
      "name": "CVE-2023-23493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23493"
    },
    {
      "name": "CVE-2023-23501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23501"
    },
    {
      "name": "CVE-2023-23519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23519"
    },
    {
      "name": "CVE-2023-23500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23500"
    },
    {
      "name": "CVE-2022-42915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
    },
    {
      "name": "CVE-2022-32221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
    },
    {
      "name": "CVE-2023-23496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23496"
    },
    {
      "name": "CVE-2023-23518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23518"
    },
    {
      "name": "CVE-2023-23508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23508"
    },
    {
      "name": "CVE-2023-23502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23502"
    },
    {
      "name": "CVE-2023-23511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23511"
    },
    {
      "name": "CVE-2023-23505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23505"
    },
    {
      "name": "CVE-2023-23506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23506"
    },
    {
      "name": "CVE-2023-23517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23517"
    },
    {
      "name": "CVE-2023-23512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23512"
    },
    {
      "name": "CVE-2023-23507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23507"
    },
    {
      "name": "CVE-2023-23503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23503"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0056",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213600 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213600"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213606 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213606"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213603 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213603"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213605 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213605"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213597 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213597"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213598 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213598"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213604 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213604"
    }
  ]
}

CERTFR-2023-AVI-0056

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions 16.x antérieures à 16.3
Apple	macOS	macOS Monterey versions 12.x antérieures à 12.6.3
Apple	macOS	macOS Ventura versions 13.x antérieures à 13.2
Apple	N/A	iOS versions 15.x antérieures à 15.7.3
Apple	N/A	iOS versions 12.x antérieures à 12.5.7
Apple	Safari	Safari versions 16.x antérieures à 16.3
Apple	macOS	macOS Big Sur versions 11.x antérieures à 11.7.3
Apple	N/A	iPadOS versions 16.x antérieures à 16.3
Apple	N/A	iPadOS versions 15.x antérieures à 15.7.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213600 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213606 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213603 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213605 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213597 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213598 du 23 janvier 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213604 du 23 janvier 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions 16.x ant\u00e9rieures \u00e0 16.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions 12.x ant\u00e9rieures \u00e0 12.6.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Ventura versions 13.x ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 15.x ant\u00e9rieures \u00e0 15.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 12.x ant\u00e9rieures \u00e0 12.5.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions 16.x ant\u00e9rieures \u00e0 16.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions 11.x ant\u00e9rieures \u00e0 11.7.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 16.x ant\u00e9rieures \u00e0 16.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 15.x ant\u00e9rieures \u00e0 15.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23499"
    },
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2022-35260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35260"
    },
    {
      "name": "CVE-2023-23513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23513"
    },
    {
      "name": "CVE-2023-23510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23510"
    },
    {
      "name": "CVE-2022-32915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32915"
    },
    {
      "name": "CVE-2022-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
    },
    {
      "name": "CVE-2023-23497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23497"
    },
    {
      "name": "CVE-2022-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
    },
    {
      "name": "CVE-2023-23504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23504"
    },
    {
      "name": "CVE-2022-42856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42856"
    },
    {
      "name": "CVE-2023-23498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23498"
    },
    {
      "name": "CVE-2023-23493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23493"
    },
    {
      "name": "CVE-2023-23501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23501"
    },
    {
      "name": "CVE-2023-23519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23519"
    },
    {
      "name": "CVE-2023-23500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23500"
    },
    {
      "name": "CVE-2022-42915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
    },
    {
      "name": "CVE-2022-32221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
    },
    {
      "name": "CVE-2023-23496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23496"
    },
    {
      "name": "CVE-2023-23518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23518"
    },
    {
      "name": "CVE-2023-23508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23508"
    },
    {
      "name": "CVE-2023-23502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23502"
    },
    {
      "name": "CVE-2023-23511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23511"
    },
    {
      "name": "CVE-2023-23505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23505"
    },
    {
      "name": "CVE-2023-23506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23506"
    },
    {
      "name": "CVE-2023-23517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23517"
    },
    {
      "name": "CVE-2023-23512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23512"
    },
    {
      "name": "CVE-2023-23507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23507"
    },
    {
      "name": "CVE-2023-23503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23503"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0056",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213600 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213600"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213606 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213606"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213603 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213603"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213605 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213605"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213597 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213597"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213598 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213598"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213604 du 23 janvier 2023",
      "url": "https://support.apple.com/en-us/HT213604"
    }
  ]
}

FKIE_CVE-2023-23508

Vulnerability from fkie_nvd - Published: 2023-02-27 20:15 - Updated: 2025-03-11 16:15

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences.

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT213603	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213604	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213605	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213603	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213604	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213605	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	macos	*
apple	macos	*
apple	macos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D13504E-ABCF-4E6F-8984-EADB123DFDD2",
              "versionEndExcluding": "11.7.3",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C71359B9-7DCE-4F45-B03F-77CF313A74EA",
              "versionEndExcluding": "12.6.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CEC72CB-1F5B-4BF5-80F0-357E27855D2A",
              "versionEndExcluding": "13.2",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences."
    }
  ],
  "id": "CVE-2023-23508",
  "lastModified": "2025-03-11T16:15:12.953",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-27T20:15:13.940",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213603"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213604"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213605"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GSD-2023-23508

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences.

Aliases

CVE-2023-23508

Aliases

CVE-2023-23508

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-23508",
    "id": "GSD-2023-23508"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23508"
      ],
      "details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences.",
      "id": "GSD-2023-23508",
      "modified": "2023-12-13T01:20:50.291124Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2023-23508",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "11.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An app may be able to bypass Privacy preferences"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT213603",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213603"
          },
          {
            "name": "https://support.apple.com/en-us/HT213605",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213605"
          },
          {
            "name": "https://support.apple.com/en-us/HT213604",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213604"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.7.3",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.6.3",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.2",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2023-23508"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT213605",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213605"
            },
            {
              "name": "https://support.apple.com/en-us/HT213603",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213603"
            },
            {
              "name": "https://support.apple.com/en-us/HT213604",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213604"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-07-27T04:15Z",
      "publishedDate": "2023-02-27T20:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-23508 (GCVE-0-2023-23508)

WID-SEC-W-2023-0189

VAR-202301-1723

GHSA-J2PW-6X67-WWJX

CERTFR-2023-AVI-0056

Solution

CERTFR-2023-AVI-0056

Solution

FKIE_CVE-2023-23508

GSD-2023-23508

Tags

Sightings

Nomenclature