Details of VAR-202302-2240

ID

VAR-202302-2240

CVE

CVE-2023-23531

TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2023-004734

DESCRIPTION

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. apple's iPadOS , iOS , macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-23531 // JVNDB: JVNDB-2023-004734 // VULHUB: VHN-451842 // VULMON: CVE-2023-23531

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	16.3	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	13.2	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	16.3	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	13.2	Trust: 0.8

sources: JVNDB: JVNDB-2023-004734 // NVD: CVE-2023-23531

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-23531
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-23531
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-2128
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-23531
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2023-23531
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004734 // CNNVD: CNNVD-202302-2128 // NVD: CVE-2023-23531

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-004734 // NVD: CVE-2023-23531

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-2128

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-2128

PATCH

title:	HT213605 Apple Security update	url:	https://support.apple.com/en-us/HT213605	Trust: 0.8
title:	Apple macOS Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=230040	Trust: 0.6

sources: JVNDB: JVNDB-2023-004734 // CNNVD: CNNVD-202302-2128

EXTERNAL IDS

db:	NVD	id:	CVE-2023-23531	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-004734	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-2128	Trust: 0.6
db:	VULHUB	id:	VHN-451842	Trust: 0.1
db:	VULMON	id:	CVE-2023-23531	Trust: 0.1

sources: VULHUB: VHN-451842 // VULMON: CVE-2023-23531 // JVNDB: JVNDB-2023-004734 // CNNVD: CNNVD-202302-2128 // NVD: CVE-2023-23531

REFERENCES

url:	https://support.apple.com/en-us/ht213605	Trust: 1.8
url:	https://support.apple.com/en-us/ht213606	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-23531	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-23531/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-451842 // VULMON: CVE-2023-23531 // JVNDB: JVNDB-2023-004734 // CNNVD: CNNVD-202302-2128 // NVD: CVE-2023-23531

SOURCES

db:	VULHUB	id:	VHN-451842
db:	VULMON	id:	CVE-2023-23531
db:	JVNDB	id:	JVNDB-2023-004734
db:	CNNVD	id:	CNNVD-202302-2128
db:	NVD	id:	CVE-2023-23531

LAST UPDATE DATE

2024-08-14T13:52:42.066000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-451842	date:	2023-03-08T00:00:00
db:	VULMON	id:	CVE-2023-23531	date:	2023-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2023-004734	date:	2023-11-01T06:27:00
db:	CNNVD	id:	CNNVD-202302-2128	date:	2023-03-24T00:00:00
db:	NVD	id:	CVE-2023-23531	date:	2023-07-27T04:15:15.590

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-451842	date:	2023-02-27T00:00:00
db:	VULMON	id:	CVE-2023-23531	date:	2023-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2023-004734	date:	2023-11-01T00:00:00
db:	CNNVD	id:	CNNVD-202302-2128	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2023-23531	date:	2023-02-27T20:15:14.843