ID

VAR-202302-2045


CVE

CVE-2023-23530


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2023-004735

DESCRIPTION

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. apple's iPadOS , iOS , macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-23530 // JVNDB: JVNDB-2023-004735 // VULHUB: VHN-451841 // VULMON: CVE-2023-23530

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:16.3

Trust: 1.0

vendor:applemodel:macosscope:ltversion:13.2

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:16.3

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:13.2

Trust: 0.8

sources: JVNDB: JVNDB-2023-004735 // NVD: CVE-2023-23530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23530
value: HIGH

Trust: 1.0

NVD: CVE-2023-23530
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-2129
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-23530
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2023-23530
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004735 // CNNVD: CNNVD-202302-2129 // NVD: CVE-2023-23530

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004735 // NVD: CVE-2023-23530

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-2129

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-2129

PATCH

title:HT213605 Apple  Security updateurl:https://support.apple.com/en-us/HT213605

Trust: 0.8

title:Apple macOS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=228162

Trust: 0.6

sources: JVNDB: JVNDB-2023-004735 // CNNVD: CNNVD-202302-2129

EXTERNAL IDS

db:NVDid:CVE-2023-23530

Trust: 3.4

db:JVNDBid:JVNDB-2023-004735

Trust: 0.8

db:CNNVDid:CNNVD-202302-2129

Trust: 0.6

db:VULHUBid:VHN-451841

Trust: 0.1

db:VULMONid:CVE-2023-23530

Trust: 0.1

sources: VULHUB: VHN-451841 // VULMON: CVE-2023-23530 // JVNDB: JVNDB-2023-004735 // CNNVD: CNNVD-202302-2129 // NVD: CVE-2023-23530

REFERENCES

url:https://support.apple.com/en-us/ht213605

Trust: 1.8

url:https://support.apple.com/en-us/ht213606

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-23530

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2023-23530/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-451841 // VULMON: CVE-2023-23530 // JVNDB: JVNDB-2023-004735 // CNNVD: CNNVD-202302-2129 // NVD: CVE-2023-23530

SOURCES

db:VULHUBid:VHN-451841
db:VULMONid:CVE-2023-23530
db:JVNDBid:JVNDB-2023-004735
db:CNNVDid:CNNVD-202302-2129
db:NVDid:CVE-2023-23530

LAST UPDATE DATE

2024-08-14T14:54:57.039000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-451841date:2023-03-08T00:00:00
db:VULMONid:CVE-2023-23530date:2023-02-27T00:00:00
db:JVNDBid:JVNDB-2023-004735date:2023-11-01T06:28:00
db:CNNVDid:CNNVD-202302-2129date:2023-03-09T00:00:00
db:NVDid:CVE-2023-23530date:2023-07-27T04:15:15.507

SOURCES RELEASE DATE

db:VULHUBid:VHN-451841date:2023-02-27T00:00:00
db:VULMONid:CVE-2023-23530date:2023-02-27T00:00:00
db:JVNDBid:JVNDB-2023-004735date:2023-11-01T00:00:00
db:CNNVDid:CNNVD-202302-2129date:2023-02-27T00:00:00
db:NVDid:CVE-2023-23530date:2023-02-27T20:15:14.773