ID
VAR-202302-1170
CVE
CVE-2023-23522
TITLE
apple's macOS Vulnerability in
Trust: 0.8
DESCRIPTION
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data. apple's macOS Exists in unspecified vulnerabilities.Information may be obtained. Information about the security content is also available at https://support.apple.com/HT213633. Kernel Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero Shortcuts Available for: macOS Ventura Impact: An app may be able to observe unprotected user data Description: A privacy issue was addressed with improved handling of temporary files. CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. WebKit Bugzilla: 251944 CVE-2023-23529: an anonymous researcher macOS Ventura 13.2.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDke NxkM2hAApRo7JQlaNxVVpw1y96PG2oAVygFVw+N1cpEO72L4gDjvAb7+tOBqUTkz Az+IizQfC2gapw9g/csghk+s+/gt16Q0iX4jDDEDypZ5So/LoaucFVTbGCy9Hns0 T0PTS4a0KIFBHbRQ3ktrhkUp49ykqDWwWdnvM1QgtUe3HfAZQWHVnYpdsj26CTaz 5ihA0chuzAGnx2lUZbyz8nl6f9kdqx1x8uSF0P7AkIp6L7IcZOLLO8tXnKApeC7S HSbafe7JKxVNPtzaI/ZuxQe9/9Kr8VUiezVCK+WvJ9akRsy4CQ022yirIOlFIEhF 32mFq+BaQ77YTULP2us7BG8oMJ3tPxfmlykhqD4P0p4JRW6ZFoQmVKyUEPdsaALG NYilSR3CRSpaCbh+dunGMJshNSHRJO6NluLq1mPVB7xFSiypgJADjS95zBSINtC9 JrKusbpICiAm8VqVC4GNltG+djft0NjbSiJXPo409X7j01Bt1ZJpk2UWTUfZbHMU hW90JFySoHLRcVt3Af1mbBkyaHv0GSKG+Fjul/XyBlG3U8eJVXJhWCrhMjm17GK0 6j4HEUsAYzAg0j+Ss7QQKhwxlW3BPd+3D2kGwbPzBx/rcyVjbc456fyCLSYP58cf EIYmmOwF9QcH939TCxoIglHOsdAuuIilGApd2on9QWOj8QSaUFw= =2kFu -----END PGP SIGNATURE-----
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | apple | model: | macos | scope: | lt | version: | 13.2 | Trust: 1.0 |
| vendor: | アップル | model: | macos | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | アップル | model: | macos | scope: | eq | version: | 13.2 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | Lack of information (CWE-noinfo) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
other
Trust: 0.6
PATCH
| title: | HT213633 Apple Security update | url: | https://support.apple.com/en-us/HT213633 | Trust: 0.8 |
| title: | Apple macOS Ventura Security vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=226950 | Trust: 0.6 |
| title: | Apple: macOS Ventura 13.2.1 | url: | https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4ef147b74f6732097f493be9b69df642 | Trust: 0.1 |
| title: | - | url: | https://www.theregister.co.uk/2023/02/15/apple_patches_zeroday_vulnerability/ | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-23522 | Trust: 3.5 |
| db: | JVNDB | id: | JVNDB-2023-004756 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202302-1000 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-451833 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2023-23522 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 170996 | Trust: 0.1 |
REFERENCES
| url: | https://support.apple.com/en-us/ht213633 | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-23522 | Trust: 1.5 |
| url: | https://cxsecurity.com/cveshow/cve-2023-23522/ | Trust: 0.6 |
| url: | https://www.theregister.co.uk/2023/02/15/apple_patches_zeroday_vulnerability/ | Trust: 0.1 |
| url: | https://support.apple.com/kb/ht213633 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-23529 | Trust: 0.1 |
| url: | https://www.apple.com/support/security/pgp/ | Trust: 0.1 |
| url: | https://support.apple.com/ht213633. | Trust: 0.1 |
| url: | https://support.apple.com/downloads/ | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-23514 | Trust: 0.1 |
| url: | https://support.apple.com/en-us/ht201222. | Trust: 0.1 |
CREDITS
Apple
Trust: 0.1
SOURCES
| db: | VULHUB | id: | VHN-451833 |
| db: | VULMON | id: | CVE-2023-23522 |
| db: | JVNDB | id: | JVNDB-2023-004756 |
| db: | PACKETSTORM | id: | 170996 |
| db: | CNNVD | id: | CNNVD-202302-1000 |
| db: | NVD | id: | CVE-2023-23522 |
LAST UPDATE DATE
2024-08-14T12:13:32.065000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-451833 | date: | 2023-03-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-004756 | date: | 2023-11-01T08:30:00 |
| db: | CNNVD | id: | CNNVD-202302-1000 | date: | 2023-03-09T00:00:00 |
| db: | NVD | id: | CVE-2023-23522 | date: | 2023-07-27T04:15:14.807 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-451833 | date: | 2023-02-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-004756 | date: | 2023-11-01T00:00:00 |
| db: | PACKETSTORM | id: | 170996 | date: | 2023-02-15T17:38:42 |
| db: | CNNVD | id: | CNNVD-202302-1000 | date: | 2023-02-13T00:00:00 |
| db: | NVD | id: | CVE-2023-23522 | date: | 2023-02-27T20:15:14.580 |