CVE-2023-27940Apple IOS AND Ipados vulnerability

5 documents3 sources
Severity
6.3MEDIUMNVD
EPSS
0.0%
top 90.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple IOS AND IpadosApple MacosApple Ipados+4 more
Timeline
PublishedJun 23

Description

The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide network connections.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 1.8 | Impact: 4.0

Affected Packages8 packages

Appleapple/macos_monterey12.6.6
CVEListV5apple/macosunspecified13.4+1
NVDapple/macos12.0.012.6.6+1
NVDapple/ipados< 15.7.6

🔴Vulnerability Details

1
GHSA
GHSA-hw8h-w39h-p4x8: The issue was addressed with additional permissions checks2023-06-23

📋Vendor Advisories

3
Apple
CVE-2023-27940: macOS Ventura 13.42023-05-18
Apple
CVE-2023-27940: macOS Monterey 12.6.62023-05-18
Apple
CVE-2023-27940: iOS 15.7.6 and iPadOS 15.7.62023-05-18