cve-2023-27963
Vulnerability from cvelistv5
Published
2023-05-08 00:00
Modified
2024-08-02 12:23
Severity
Summary
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
References
SourceURLTags
product-security@apple.comhttps://support.apple.com/en-us/HT213670Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213673Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213674
product-security@apple.comhttps://support.apple.com/en-us/HT213676Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213677Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213678Vendor Advisory
Impacted products
VendorProduct
ApplemacOS
AppleiOS and iPadOS
ApplemacOS
ApplewatchOS
AppletvOS
AppleiOS and iPadOS
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:23:30.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213670"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213676"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213677"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213678"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213674"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213673"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "9.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A shortcut may be able to use sensitive data with certain actions without prompting the user",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-27T03:46:05.662Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213670"
        },
        {
          "url": "https://support.apple.com/en-us/HT213676"
        },
        {
          "url": "https://support.apple.com/en-us/HT213677"
        },
        {
          "url": "https://support.apple.com/en-us/HT213678"
        },
        {
          "url": "https://support.apple.com/en-us/HT213674"
        },
        {
          "url": "https://support.apple.com/en-us/HT213673"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-27963",
    "datePublished": "2023-05-08T00:00:00",
    "dateReserved": "2023-03-08T00:00:00",
    "dateUpdated": "2024-08-02T12:23:30.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-27963\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2023-05-08T20:15:18.773\",\"lastModified\":\"2023-07-27T04:15:20.933\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7.4\",\"matchCriteriaId\":\"909D85BE-B03C-469D-B7A0-B15B6366EDAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.4\",\"matchCriteriaId\":\"D54C540A-5D01-4710-BBF9-EDD8BBAEE16E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7.4\",\"matchCriteriaId\":\"C75E4307-6CF3-4835-8E5F-96BF060658C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.4\",\"matchCriteriaId\":\"E33C3BC5-6CFC-4B58-8642-80A9FE00DB24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.6.4\",\"matchCriteriaId\":\"3C93428C-C9B4-464F-8A4A-0CE8D7BB2BAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.3\",\"matchCriteriaId\":\"A6D636F7-278A-491B-8960-91A4D5A86A96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4\",\"matchCriteriaId\":\"B5DA93B3-CA76-4932-84EE-40445A6505EA\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213670\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213673\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213674\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT213676\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213677\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213678\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.