Lucene search

AppleCVE-2023-42932

HistoryDec 12, 2023 - 1:15 a.m.

CVE-2023-42932

2023-12-1201:15:12

apple

web.nvd.nist.gov

cve-2023-42932

logic issue

macos

sonoma

ventura

monterey

data protection

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.

Affected configurations

Nvd

Vulners

Node

applemacosRange12.0–12.7.2

applemacosRange13.0–13.6.3

applemacosRange14.0–14.2

VendorProductVersionCPE
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	macos	*	cpe:2.3:o:apple:macos::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "13.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "12.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "14.2",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2023/Dec/10

seclists.org/fulldisclosure/2023/Dec/11

seclists.org/fulldisclosure/2023/Dec/9

support.apple.com/en-us/HT214036

support.apple.com/en-us/HT214037

support.apple.com/en-us/HT214038

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON

Related for CVE-2023-42932