CVE-2023-42973Improper Authorization in Apple IOS AND Ipados

CWE-285Improper Authorization4 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.1%
top 82.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IOS AND IpadosApple IpadosApple Iphone OS
Timeline
PublishedApr 11

Description

Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages3 packages

CVEListV5apple/ios_and_ipadosunspecified17
NVDapple/ipados17.0
NVDapple/iphone_os17.0

🔴Vulnerability Details

2
GHSA
GHSA-cmwf-4hcv-45rc: Private Browsing tabs may be accessed without authentication2025-04-11
CVEList
CVE-2023-42973: Private Browsing tabs may be accessed without authentication2025-04-11

📋Vendor Advisories

1
Apple
CVE-2023-42973: iOS 17 and iPadOS 172023-09-18
CVE-2023-42973 — Improper Authorization in Apple | cvebase