5.5

CVE-2023-42924

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS Version >= 13.0 < 13.6.3
ApplemacOS Version >= 14.0 < 14.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.167
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214038
http://seclists.org/fulldisclosure/2023/Dec/10
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2023/Dec/9
Third Party Advisory
Mailing List
https://support.apple.com/en-us/HT214036
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT214038
Vendor Advisory
Release Notes