ID

VAR-202302-1170


CVE

CVE-2023-23522


TITLE

Vulnerability in Apple's macOS

Trust: 0.8

sources: JVNDB: JVNDB-2023-004756

DESCRIPTION

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data. An unspecified vulnerability exists in Apple's macOS. Information may be obtained. Information about the security content is also available at https://support.apple.com/HT213633.

Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero

Shortcuts
Available for: macOS Ventura
Impact: An app may be able to observe unprotected user data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
WebKit Bugzilla: 251944
CVE-2023-23529: an anonymous researcher

macOS Ventura 13.2.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.8

sources: NVD: CVE-2023-23522 // JVNDB: JVNDB-2023-004756 // VULHUB: VHN-451833 // PACKETSTORM: 170996

AFFECTED PRODUCTS

vendor: apple // model: macos // scope: lt // version: 13.2

Trust: 1.0

vendor: Apple // model: macos // scope: eq // version: -

Trust: 0.8

vendor: Apple // model: macos // scope: eq // version: 13.2

Trust: 0.8

sources: JVNDB: JVNDB-2023-004756 // NVD: CVE-2023-23522

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23522
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-23522
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202302-1000
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-23522
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-23522
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004756 // CNNVD: CNNVD-202302-1000 // NVD: CVE-2023-23522

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004756 // NVD: CVE-2023-23522

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1000

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1000

PATCH

title: HT213633 Apple Security update // url: https://support.apple.com/en-us/HT213633

Trust: 0.8

title: Apple macOS Ventura Security vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226950

Trust: 0.6

title: Apple: macOS Ventura 13.2.1 // url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4ef147b74f6732097f493be9b69df642

Trust: 0.1

title: - // url: https://www.theregister.co.uk/2023/02/15/apple_patches_zeroday_vulnerability/

Trust: 0.1

sources: VULMON: CVE-2023-23522 // JVNDB: JVNDB-2023-004756 // CNNVD: CNNVD-202302-1000

EXTERNAL IDS

db: NVD // id: CVE-2023-23522

Trust: 3.5

db: JVNDB // id: JVNDB-2023-004756

Trust: 0.8

db: CNNVD // id: CNNVD-202302-1000

Trust: 0.6

db: VULHUB // id: VHN-451833

Trust: 0.1

db: VULMON // id: CVE-2023-23522

Trust: 0.1

db: PACKETSTORM // id: 170996

Trust: 0.1

sources: VULHUB: VHN-451833 // VULMON: CVE-2023-23522 // JVNDB: JVNDB-2023-004756 // PACKETSTORM: 170996 // CNNVD: CNNVD-202302-1000 // NVD: CVE-2023-23522

REFERENCES

url:https://support.apple.com/en-us/ht213633

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2023-23522

Trust: 1.5

url:https://cxsecurity.com/cveshow/cve-2023-23522/

Trust: 0.6

url:https://www.theregister.co.uk/2023/02/15/apple_patches_zeroday_vulnerability/

Trust: 0.1

url:https://support.apple.com/kb/ht213633

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23529

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/ht213633.

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23514

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: VULHUB: VHN-451833 // VULMON: CVE-2023-23522 // JVNDB: JVNDB-2023-004756 // PACKETSTORM: 170996 // CNNVD: CNNVD-202302-1000 // NVD: CVE-2023-23522

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 170996

SOURCES

db: VULHUB // id: VHN-451833
db: VULMON // id: CVE-2023-23522
db: JVNDB // id: JVNDB-2023-004756
db: PACKETSTORM // id: 170996
db: CNNVD // id: CNNVD-202302-1000
db: NVD // id: CVE-2023-23522

LAST UPDATE DATE

2024-08-14T12:13:32.065000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-451833 // date: 2023-03-08T00:00:00
db: JVNDB // id: JVNDB-2023-004756 // date: 2023-11-01T08:30:00
db: CNNVD // id: CNNVD-202302-1000 // date: 2023-03-09T00:00:00
db: NVD // id: CVE-2023-23522 // date: 2023-07-27T04:15:14.807

SOURCES RELEASE DATE

db: VULHUB // id: VHN-451833 // date: 2023-02-27T00:00:00
db: JVNDB // id: JVNDB-2023-004756 // date: 2023-11-01T00:00:00
db: PACKETSTORM // id: 170996 // date: 2023-02-15T17:38:42
db: CNNVD // id: CNNVD-202302-1000 // date: 2023-02-13T00:00:00
db: NVD // id: CVE-2023-23522 // date: 2023-02-27T20:15:14.580