CVE-2023-23543 — Apple IOS AND Ipados vulnerability

6 documents3 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 77.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Watchos +5 more

Timeline

PublishedMay 8

Description

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. A sandboxed app may be able to determine which app is currently using the camera.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages10 packages

▶NVDapple/ipados16.0 — 16.4+1

▶CVEListV5apple/ios_and_ipadosunspecified — 16.4+1

▶Appleapple/macos_ventura13.3

▶Appleapple/ios_16.4_and_ipados16.4

▶Appleapple/ios_15.7.4_and_ipados15.7.4

🔴Vulnerability Details

GHSA

GHSA-45v5-fv79-85c6: The issue was addressed with additional restrictions on the observability of app states↗2023-05-08

▶

📋Vendor Advisories

Apple

CVE-2023-23543: iOS 16.4 and iPadOS 16.4↗2023-03-27

▶

Apple

CVE-2023-23543: iOS 15.7.4 and iPadOS 15.7.4↗2023-03-27

▶

Apple

CVE-2023-23543: watchOS 9.4↗2023-03-27

▶

Apple

CVE-2023-23543: macOS Ventura 13.3↗2023-03-27

▶