7

CVE-2023-32413

A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.

Data is provided by the National Vulnerability Database (NVD)
AppleiPadOS Version < 15.7.6
AppleiPadOS Version >= 16.0 < 16.5
AppleiPhone OS Version < 15.7.6
AppleiPhone OS Version >= 16.0 < 16.5
ApplemacOS Version >= 11.0 < 11.7.7
ApplemacOS Version >= 12.0 < 12.6.6
ApplemacOS Version >= 13.0 < 13.4
AppletvOS Version < 16.5
ApplewatchOS Version < 9.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.52% 0.654
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://support.apple.com/en-us/HT213765
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213759
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213760
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213757
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213758
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213761
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213764
Vendor Advisory
Release Notes