CVE-2023-42957Improper Access Control in Apple IOS AND Ipados

CWE-284Improper Access Control6 documents4 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 75.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple IOS AND IpadosApple MacosApple Watchos+2 more
Timeline
PublishedJul 29

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages7 packages

CVEListV5apple/macosunspecified14
NVDapple/ipados< 17.0
CVEListV5apple/watchosunspecified10
NVDapple/watchos< 10.0
CVEListV5apple/ios_and_ipadosunspecified17

🔴Vulnerability Details

2
CVEList
CVE-2023-42957: A permissions issue was addressed with additional restrictions2024-07-29
GHSA
GHSA-5488-c7c3-vx9f: A permissions issue was addressed with additional restrictions2024-07-29

📋Vendor Advisories

3
Apple
CVE-2023-42957: macOS Sonoma 142023-09-26
Apple
CVE-2023-42957: iOS 17 and iPadOS 172023-09-18
Apple
CVE-2023-42957: watchOS 102023-09-18
CVE-2023-42957 — Improper Access Control in Apple | cvebase