5.3

CVE-2023-42846

This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.

Data is provided by the National Vulnerability Database (NVD)
AppleiPadOS Version < 16.7.2
AppleiPadOS Version >= 17.0 < 17.1
AppleiPhone OS Version < 16.7.2
AppleiPhone OS Version >= 17.0 < 17.1
AppletvOS Version < 17.1
ApplewatchOS Version < 10.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.28% 0.512
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://seclists.org/fulldisclosure/2023/Oct/23
Third Party Advisory
Mailing List
https://support.apple.com/en-us/HT213981
Vendor Advisory
Release Notes
http://seclists.org/fulldisclosure/2023/Oct/19
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2023/Oct/25
Third Party Advisory
Mailing List
https://support.apple.com/en-us/HT213982
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213988
Vendor Advisory
Release Notes
https://support.apple.com/kb/HT213981
Vendor Advisory
Release Notes
https://support.apple.com/kb/HT213982
Vendor Advisory
Release Notes
https://support.apple.com/kb/HT213988
Vendor Advisory
Release Notes
http://seclists.org/fulldisclosure/2023/Oct/22
Third Party Advisory
Mailing List
https://support.apple.com/en-us/HT213987
Vendor Advisory
Release Notes
https://support.apple.com/kb/HT213987
Vendor Advisory
Release Notes