Lucene search
HistoryJan 10, 2024 - 10:15 p.m.
CVE-2023-40385
cve-2023-40385
vulnerability fixed
macos sonoma 14
safari 17
ios 17
ipados 17
remote attacker
leaked dns queries
private relay
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
5.6
Confidence
High
EPSS
0.001
Percentile
39.6%
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.
Affected configurations
Node
applesafariRange<17.0
ORappleipadosRange<17.0
ORappleiphone_osRange<17.0
ORapplemacosRange<14.0
Related
vulnrichment
vulnrichment
CVE-2023-40385
2024-01-10 22:03:31
cvelist
cvelist
CVE-2023-40385
2024-01-10 22:03:31
cve
cve
CVE-2023-40385
2024-01-10 22:15:48
prion
prion
Code injection
2024-01-10 22:15:00
openvas
openvas
Apple Safari Security Update (HT213941)
2023-10-27 00:00:00
Apple Mac OS X Security Update (HT213940)
2023-10-27 00:00:00
apple
apple
About the security content of Safari 17
2023-09-26 00:00:00
About the security content of iOS 17 and iPadOS 17
2023-09-18 00:00:00
About the security content of macOS Sonoma 14
2023-09-26 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
5.6
Confidence
High
EPSS
0.001
Percentile
39.6%
Related for NVD:CVE-2023-40385