5.5

CVE-2023-40528

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.

Data is provided by the National Vulnerability Database (NVD)
AppleiPadOS Version < 17.0
AppleiPhone OS Version < 17.0
ApplemacOS Version >= 13.0 < 13.6.4
AppletvOS Version < 17.0
ApplewatchOS Version < 10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.01% 0.003
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://support.apple.com/kb/HT213940
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213940
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213936
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213937
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213938
Vendor Advisory
Release Notes
https://support.apple.com/kb/HT213938
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT214058
Vendor Advisory
Release Notes
https://support.apple.com/kb/HT213936
Vendor Advisory
Release Notes
https://support.apple.com/kb/HT213937
Vendor Advisory
Release Notes