Lucene search

AppleCVE-2023-38605

HistorySep 06, 2023 - 9:15 p.m.

CVE-2023-38605

2023-09-0621:15:12

apple

web.nvd.nist.gov

cve-2023-38605

macos ventura

information security

redaction

sensitive information

location privacy

nvd

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

17.1%

JSON

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.

Affected configurations

Nvd

Vulners

Node

appleipadosRange<15.7.8

appleipadosRange16.0–16.6

appleiphone_osRange<15.7.8

appleiphone_osRange16.0–16.6

applemacosRange<12.6.8

applemacosRange13.0–13.5

VendorProductVersionCPE
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	macos	*	cpe:2.3:o:apple:macos::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "13.5",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/en-us/HT213843

support.apple.com/kb/HT213841

support.apple.com/kb/HT213842

support.apple.com/kb/HT213844

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

17.1%

JSON

Related for CVE-2023-38605