Lucene search
HistoryJul 27, 2023 - 12:15 a.m.
CVE-2023-36862
cve-2023-36862
location disclosure
code-signing restrictions
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
4.7
Confidence
High
EPSS
0.001
Percentile
22.4%
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.
Affected configurations
Node
applemacosRange13.0–13.5
References
Related
prion
prion
Code injection
2023-07-27 00:15:00
cve
cve
CVE-2023-36862
2023-07-27 00:15:15
cvelist
cvelist
CVE-2023-36862
2023-07-26 23:55:03
openvas
openvas
Apple Mac OS X Security Update (HT213843)
2023-07-25 00:00:00
apple
apple
About the security content of macOS Ventura 13.5
2023-07-24 00:00:00
nessus
nessus
macOS 13.x < 13.5 Multiple Vulnerabilities (HT213843)
2023-07-24 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
4.7
Confidence
High
EPSS
0.001
Percentile
22.4%
Related for NVD:CVE-2023-36862