CVE-2023-42844

2023-10-2518:32:19

apple

github.com

cve-2023-42844

macos

symlinks

sensitive data access

AI Score

Confidence

Low

EPSS

0.001

Percentile

41.5%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
    ],
    "vendor": "apple",
    "product": "macos",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "12.7",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "13.6",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "14.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]