CVE-2023-23526 — Apple IOS AND Ipados vulnerability

4 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.0%

top 85.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Ipados +3 more

Timeline

PublishedMay 8

Description

This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶Appleapple/macos_ventura13.3

▶CVEListV5apple/macosunspecified — 13.3

▶NVDapple/macos< 13.3

▶NVDapple/ipados< 16.4

▶CVEListV5apple/ios_and_ipadosunspecified — 16.4

🔴Vulnerability Details

GHSA

GHSA-6gch-3p38-w4g7: This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder↗2023-05-08

▶

📋Vendor Advisories

Apple

CVE-2023-23526: macOS Ventura 13.3↗2023-03-27

▶

Apple

CVE-2023-23526: iOS 16.4 and iPadOS 16.4↗2023-03-27

▶