Details of VAR-202302-2045

ID

VAR-202302-2045

CVE

CVE-2023-23530

TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2023-004735

DESCRIPTION

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. apple's iPadOS , iOS , macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-23530 // JVNDB: JVNDB-2023-004735 // VULHUB: VHN-451841 // VULMON: CVE-2023-23530

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	16.3	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	13.2	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	16.3	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	13.2	Trust: 0.8

sources: JVNDB: JVNDB-2023-004735 // NVD: CVE-2023-23530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-23530
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-23530
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-2129
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-23530
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2023-23530
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004735 // CNNVD: CNNVD-202302-2129 // NVD: CVE-2023-23530

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-004735 // NVD: CVE-2023-23530

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-2129

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-2129

PATCH

title:	HT213605 Apple Security update	url:	https://support.apple.com/en-us/HT213605	Trust: 0.8
title:	Apple macOS Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=228162	Trust: 0.6

sources: JVNDB: JVNDB-2023-004735 // CNNVD: CNNVD-202302-2129

EXTERNAL IDS

db:	NVD	id:	CVE-2023-23530	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-004735	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-2129	Trust: 0.6
db:	VULHUB	id:	VHN-451841	Trust: 0.1
db:	VULMON	id:	CVE-2023-23530	Trust: 0.1

sources: VULHUB: VHN-451841 // VULMON: CVE-2023-23530 // JVNDB: JVNDB-2023-004735 // CNNVD: CNNVD-202302-2129 // NVD: CVE-2023-23530

REFERENCES

url:	https://support.apple.com/en-us/ht213605	Trust: 1.8
url:	https://support.apple.com/en-us/ht213606	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-23530	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2023-23530/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-451841 // VULMON: CVE-2023-23530 // JVNDB: JVNDB-2023-004735 // CNNVD: CNNVD-202302-2129 // NVD: CVE-2023-23530

SOURCES

db:	VULHUB	id:	VHN-451841
db:	VULMON	id:	CVE-2023-23530
db:	JVNDB	id:	JVNDB-2023-004735
db:	CNNVD	id:	CNNVD-202302-2129
db:	NVD	id:	CVE-2023-23530

LAST UPDATE DATE

2024-08-14T14:54:57.039000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-451841	date:	2023-03-08T00:00:00
db:	VULMON	id:	CVE-2023-23530	date:	2023-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2023-004735	date:	2023-11-01T06:28:00
db:	CNNVD	id:	CNNVD-202302-2129	date:	2023-03-09T00:00:00
db:	NVD	id:	CVE-2023-23530	date:	2023-07-27T04:15:15.507

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-451841	date:	2023-02-27T00:00:00
db:	VULMON	id:	CVE-2023-23530	date:	2023-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2023-004735	date:	2023-11-01T00:00:00
db:	CNNVD	id:	CNNVD-202302-2129	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2023-23530	date:	2023-02-27T20:15:14.773