CVE-2023-42942

EPSS 0.13%
Veröffentlicht 21.02.2024 07:15:50
Zuletzt bearbeitet 14.03.2025 01:15:38
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPad OS Version < 16.7.2

Apple ≫ iPadOS Version17.0

Apple ≫ iPhone OS Version < 16.7.2

Apple ≫ iPhone OS Version17.0

Apple ≫ macOS Version >= 13.0 < 13.6.1

Apple ≫ macOS Version14.0

Apple ≫ tvOS Version <= 17.1

Apple ≫ watchOS Version < 10.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.326

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://support.apple.com/en-us/HT213981

Vendor Advisory

https://support.apple.com/en-us/HT213985

Vendor Advisory

https://support.apple.com/en-us/HT213984

Vendor Advisory

https://support.apple.com/en-us/HT213982

Vendor Advisory

https://support.apple.com/en-us/HT213988

Vendor Advisory

https://support.apple.com/en-us/HT213987

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-42942

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-42942

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-42942

EUVD