CVE-2023-42834 — Apple IOS AND Ipados vulnerability

8 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Watchos +2 more

Timeline

PublishedFeb 21

Description

A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5apple/macosunspecified — 13.6+2

▶NVDapple/macos12.0 — 12.7.2+2

▶CVEListV5apple/watchosunspecified — 10.1

▶NVDapple/ipad_os< 17.1

▶NVDapple/watchos< 10.1

🔴Vulnerability Details

CVEList

CVE-2023-42834: A privacy issue was addressed with improved handling of files↗2024-02-21

▶

GHSA

GHSA-8wcv-54w6-5c6v: A privacy issue was addressed with improved handling of files↗2024-02-21

▶

📋Vendor Advisories

Apple

CVE-2023-42834: macOS Monterey 12.7.2↗2023-12-11

▶

Apple

CVE-2023-42834: macOS Ventura 13.6.3↗2023-12-11

▶

Apple

CVE-2023-42834: iOS 17.1 and iPadOS 17.1↗2023-10-25

▶

Apple

CVE-2023-42834: macOS Sonoma 14.1↗2023-10-25

▶

Apple

CVE-2023-42834: watchOS 10.1↗2023-10-25

▶