CVE-2023-42945 — Incorrect Default Permissions in Apple Macos

CWE-276 — Incorrect Default Permissions CWE-284 — Improper Access Control3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Macos Sonoma

Timeline

PublishedFeb 21

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Appleapple/macos_sonoma14.1

▶CVEListV5apple/macosunspecified — 14.1

▶NVDapple/macos14.0

🔴Vulnerability Details

GHSA

GHSA-j6qv-9fc5-fqqg: A permissions issue was addressed with additional restrictions↗2024-02-21

▶

📋Vendor Advisories

Apple

CVE-2023-42945: macOS Sonoma 14.1↗2023-10-25

▶