ID

VAR-202301-1716


CVE

CVE-2023-23507


TITLE

Vulnerability in Apple's macOS

Trust: 0.8

sources: JVNDB: JVNDB-2023-004374

DESCRIPTION

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges. An unspecified vulnerability exists in Apple's macOS. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Information about the security content is also available at https://support.apple.com/HT213604.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)

curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl version 7.86.0.
CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35260

curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl version 7.85.0.
CVE-2022-35252

dcerpc
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

DiskArbitration
Available for: macOS Monterey
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
Description: A logic issue was addressed with improved state management.
CVE-2022-32915: Tommy Muir (@Muirey03)

Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2023-23504: Adam Doupé of ASU SEFCOM

Kernel
Available for: macOS Monterey
Impact: An app may be able to determine kernel memory layout
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

PackageKit
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state management.
CVE-2023-23497: Mickey Jin (@patch1t)

Screen Time
Available for: macOS Monterey
Impact: An app may be able to access information about a user’s contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)

Weather
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 248268
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
WebKit Bugzilla: 248268
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Windows Installer
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
CVE-2023-23508: Mickey Jin (@patch1t)

Additional recognition

Kernel
We would like to acknowledge Nick Stenning of Replicate for their assistance.

macOS Monterey 12.6.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.8

sources: NVD: CVE-2023-23507 // JVNDB: JVNDB-2023-004374 // VULHUB: VHN-451818 // PACKETSTORM: 170697

AFFECTED PRODUCTS

vendor: apple, model: macos, scope: gte, version: 12.0.0

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 13.2

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 12.6.3

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 13.0

Trust: 1.0

vendor: Apple, model: macos, scope: eq, version: 13.0 or later, earlier than 13.2

Trust: 0.8

vendor: Apple, model: macos, scope: eq, version: -

Trust: 0.8

vendor: Apple, model: macos, scope: eq, version: 12.0.0 or later, earlier than 12.6.3

Trust: 0.8

sources: JVNDB: JVNDB-2023-004374 // NVD: CVE-2023-23507

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-23507
value: HIGH

Trust: 1.0

NVD: CVE-2023-23507
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-1766
value: HIGH

Trust: 0.6

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23507
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-23507
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004374 // CNNVD: CNNVD-202301-1766 // NVD: CVE-2023-23507

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004374 // NVD: CVE-2023-23507

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-1766

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-1766

PATCH

title: HT213604 Apple Security update, url: https://support.apple.com/en-us/HT213604

Trust: 0.8

title: Apple macOS Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226938

Trust: 0.6

sources: JVNDB: JVNDB-2023-004374 // CNNVD: CNNVD-202301-1766

EXTERNAL IDS

db: NVD, id: CVE-2023-23507

Trust: 3.4

db: JVNDB, id: JVNDB-2023-004374

Trust: 0.8

db: PACKETSTORM, id: 170697

Trust: 0.7

db: CNNVD, id: CNNVD-202301-1766

Trust: 0.6

db: VULHUB, id: VHN-451818

Trust: 0.1

sources: VULHUB: VHN-451818 // JVNDB: JVNDB-2023-004374 // PACKETSTORM: 170697 // CNNVD: CNNVD-202301-1766 // NVD: CVE-2023-23507

REFERENCES

url:https://support.apple.com/en-us/ht213605

Trust: 2.3

url:https://support.apple.com/en-us/ht213604

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2023-23507

Trust: 0.9

url:https://cxsecurity.com/cveshow/cve-2023-23507/

Trust: 0.6

url:https://packetstormsecurity.com/files/170697/apple-security-advisory-2023-01-23-5.html

Trust: 0.6

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23493

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23504

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23499

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23508

Trust: 0.1

url:https://support.apple.com/ht213604.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35260

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23502

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: VULHUB: VHN-451818 // JVNDB: JVNDB-2023-004374 // PACKETSTORM: 170697 // CNNVD: CNNVD-202301-1766 // NVD: CVE-2023-23507

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 170697

SOURCES

db: VULHUB, id: VHN-451818
db: JVNDB, id: JVNDB-2023-004374
db: PACKETSTORM, id: 170697
db: CNNVD, id: CNNVD-202301-1766
db: NVD, id: CVE-2023-23507

LAST UPDATE DATE

2024-08-14T12:33:14.505000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-451818, date: 2023-03-04T00:00:00
db: JVNDB, id: JVNDB-2023-004374, date: 2023-10-30T04:15:00
db: CNNVD, id: CNNVD-202301-1766, date: 2023-03-06T00:00:00
db: NVD, id: CVE-2023-23507, date: 2023-07-27T04:15:13.620

SOURCES RELEASE DATE

db: VULHUB, id: VHN-451818, date: 2023-02-27T00:00:00
db: JVNDB, id: JVNDB-2023-004374, date: 2023-10-30T00:00:00
db: PACKETSTORM, id: 170697, date: 2023-01-24T16:41:07
db: CNNVD, id: CNNVD-202301-1766, date: 2023-01-23T00:00:00
db: NVD, id: CVE-2023-23507, date: 2023-02-27T20:15:13.880