Lucene search

PRIOn knowledge basePRION:CVE-2023-42846

HistoryOct 25, 2023 - 7:15 p.m.

Code injection

2023-10-2519:15:00

PRIOn knowledge base

www.prio-n.com

code injection

vulnerable code

fixed

watchos

ios

ipados

device tracking

wi-fi mac address

5.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.6%

JSON

This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.

CPENameOperatorVersion
ipadoslt16.7.2
ipadosge17.0
ipadoslt17.1
iphone_osge17.0
iphone_oslt17.1
iphone_oslt16.7.2
tvoslt17.1
watchoslt10.1

Name	Operator	Version
ipados	lt	16.7.2
ipados	ge	17.0
ipados	lt	17.1
iphone_os	ge	17.0
iphone_os	lt	17.1
iphone_os	lt	16.7.2
tvos	lt	17.1
watchos	lt	10.1

References

seclists.org/fulldisclosure/2023/Oct/19

seclists.org/fulldisclosure/2023/Oct/22

seclists.org/fulldisclosure/2023/Oct/23

seclists.org/fulldisclosure/2023/Oct/25

support.apple.com/en-us/HT213981

support.apple.com/en-us/HT213982

support.apple.com/en-us/HT213987

support.apple.com/en-us/HT213988

support.apple.com/kb/HT213981

support.apple.com/kb/HT213982

support.apple.com/kb/HT213987

support.apple.com/kb/HT213988