cvelistv5 - cve-2023-23522

CVE-2023-23522 (GCVE-0-2023-23522)

Vulnerability from cvelistv5

Published

2023-02-27 00:00

Modified

2025-03-11 17:20

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

An app may be able to observe unprotected user data.

Summary

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.

References

URL

Tags

	product-security@apple.com	https://support.apple.com/en-us/HT213633	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213633	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Apple	macOS	Version: unspecified < 13.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:35:32.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213633"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-23522",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T17:19:04.103426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-922",
                "description": "CWE-922 Insecure Storage of Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T17:20:16.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to observe unprotected user data.",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-27T03:45:44.480Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213633"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-23522",
    "datePublished": "2023-02-27T00:00:00.000Z",
    "dateReserved": "2023-01-12T00:00:00.000Z",
    "dateUpdated": "2025-03-11T17:20:16.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23522\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2023-02-27T20:15:14.580\",\"lastModified\":\"2025-03-11T18:15:28.870\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-922\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.2\",\"matchCriteriaId\":\"362E766C-05AD-4205-85FA-F388DDF5DD1A\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213633\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213633\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:35:32.885Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23522\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-11T17:19:04.103426Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-922\", \"description\": \"CWE-922 Insecure Storage of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-11T17:18:57.222Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"13.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213633\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"An app may be able to observe unprotected user data.\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2023-07-27T03:45:44.480Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-23522\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-11T17:20:16.164Z\", \"dateReserved\": \"2023-01-12T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2023-02-27T00:00:00.000Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-g4xv-f6gh-pr93

Vulnerability from github

Published

2023-02-27 21:30

Modified

2023-03-08 18:30

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data..

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-27T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data..",
  "id": "GHSA-g4xv-f6gh-pr93",
  "modified": "2023-03-08T18:30:26Z",
  "published": "2023-02-27T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23522"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213633"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2023-23522

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.

Aliases

CVE-2023-23522

Aliases

CVE-2023-23522

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-23522",
    "id": "GSD-2023-23522"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23522"
      ],
      "details": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.",
      "id": "GSD-2023-23522",
      "modified": "2023-12-13T01:20:49.779431Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2023-23522",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "13.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An app may be able to observe unprotected user data."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT213633",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213633"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2023-23522"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT213633",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213633"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-07-27T04:15Z",
      "publishedDate": "2023-02-27T20:15Z"
    }
  }
}

fkie_cve-2023-23522

Vulnerability from fkie_nvd

Published

2023-02-27 20:15

Modified

2025-03-11 18:15

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/en-us/HT213633	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213633	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	macos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "362E766C-05AD-4205-85FA-F388DDF5DD1A",
              "versionEndExcluding": "13.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data."
    }
  ],
  "id": "CVE-2023-23522",
  "lastModified": "2025-03-11T18:15:28.870",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-27T20:15:14.580",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213633"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-922"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

De multiples vulnérabilités ont été corrigées dans les produits Apple. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et une exécution de code arbitraire à distance.

L'éditeur indique que la vulnérabilité CVE-2023-23529 est activement exploitée.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Apple macOS versions antérieures à 13.2.1
Apple	Safari	Safari versions antérieures à 16.3.1
Apple	N/A	iOS et iPadOS versions antérieures à 16.3.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213638 du 13 février 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213635 du 13 février 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213633 du 13 février 2023	None	vendor-advisory
Bulletin de sécurité Apple du 13 février 2023	-	other
Bulletin de sécurité Apple du 13 février 2023	-	other
Bulletin de sécurité Apple du 13 février 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple macOS versions ant\u00e9rieures \u00e0 13.2.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 16.3.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 16.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23514"
    },
    {
      "name": "CVE-2023-23522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23522"
    },
    {
      "name": "CVE-2023-23529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23529"
    }
  ],
  "initial_release_date": "2023-02-14T00:00:00",
  "last_revision_date": "2023-02-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 13 f\u00e9vrier 2023",
      "url": "https://support.apple.com/en-us/HT213633"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 13 f\u00e9vrier 2023",
      "url": "https://support.apple.com/en-us/HT213638"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 13 f\u00e9vrier 2023",
      "url": "https://support.apple.com/en-us/HT213635"
    }
  ],
  "reference": "CERTFR-2023-AVI-0119",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la politique de s\u00e9curit\u00e9 et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur indique que la vuln\u00e9rabilit\u00e9 CVE-2023-23529 est activement\nexploit\u00e9e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213638 du 13 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213635 du 13 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213633 du 13 f\u00e9vrier 2023",
      "url": null
    }
  ]
}

CERTFR-2023-AVI-0152

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans macOS Ventura. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	macOS	macOS Ventura versions antérieures à 13.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213633 du 13 février 2023	None	vendor-advisory
Bulletin de sécurité Apple du 13 février 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.2.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23524"
    },
    {
      "name": "CVE-2023-23514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23514"
    },
    {
      "name": "CVE-2023-23522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23522"
    },
    {
      "name": "CVE-2023-23529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23529"
    }
  ],
  "initial_release_date": "2023-02-21T00:00:00",
  "last_revision_date": "2023-02-21T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 13 f\u00e9vrier 2023",
      "url": "https://support.apple.com/en-us/HT213633"
    }
  ],
  "reference": "CERTFR-2023-AVI-0152",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003emacOS Ventura\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans macOS Ventura",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213633 du 13 f\u00e9vrier 2023",
      "url": null
    }
  ]
}

wid-sec-w-2023-0347

Vulnerability from csaf_certbund

Published

2023-02-13 23:00

Modified

2023-02-21 23:00

Summary

Apple macOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff

Ein lokaler oder entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme

- MacOS X

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler oder entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0347 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0347.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0347 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0347"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2023-02-13",
        "url": "https://support.apple.com/en-us/HT213633"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple macOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-02-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:43:27.056+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0347",
      "initial_release_date": "2023-02-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-02-21T23:00:00.000+00:00",
          "number": "2",
          "summary": "weitere Schwachstelle mit CVE aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Apple macOS \u003c 13.2.1",
            "product": {
              "name": "Apple macOS \u003c 13.2.1",
              "product_id": "T026264",
              "product_identification_helper": {
                "cpe": "cpe:/o:apple:mac_os:13.2.1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23524",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. Ein speziell bearbeitetes Zertifikat wird unsachgem\u00e4\u00df verarbeitet. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-21T23:00:00.000+00:00",
      "title": "CVE-2023-23524"
    },
    {
      "cve": "CVE-2023-23529",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. Beim Parsen von speziell bearbeiteten Webinhalten in WebKit kommt es zu einem Type Confusion Problem. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auf dem Zielsystem auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23529"
    },
    {
      "cve": "CVE-2023-23522",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. In Shortcuts werden tempor\u00e4re Dateien unsachgem\u00e4\u00df verarbeitet. Ein Angreifer kann diese Schwachstelle \u00fcber eine lokale Applikation ausnutzen, um Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23522"
    },
    {
      "cve": "CVE-2023-23514",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. Innerhalb des Betriebssystem Kernels besteht ein Use-after-free-Fehler. Ein Angreifer kann diese Schwachstelle \u00fcber eine lokale Applikation ausnutzen, um seine Rechte zu erweitern und beliebigen Code mit Kernel-Rechten auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23514"
    }
  ]
}

WID-SEC-W-2023-0347

Vulnerability from csaf_certbund

Published

2023-02-13 23:00

Modified

2023-02-21 23:00

Summary

Apple macOS: Mehrere Schwachstellen

Notes

Produktbeschreibung

Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff

Ein lokaler oder entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme

- MacOS X

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler oder entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0347 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0347.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0347 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0347"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2023-02-13",
        "url": "https://support.apple.com/en-us/HT213633"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple macOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-02-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:43:27.056+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0347",
      "initial_release_date": "2023-02-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-02-21T23:00:00.000+00:00",
          "number": "2",
          "summary": "weitere Schwachstelle mit CVE aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Apple macOS \u003c 13.2.1",
            "product": {
              "name": "Apple macOS \u003c 13.2.1",
              "product_id": "T026264",
              "product_identification_helper": {
                "cpe": "cpe:/o:apple:mac_os:13.2.1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23524",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. Ein speziell bearbeitetes Zertifikat wird unsachgem\u00e4\u00df verarbeitet. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-21T23:00:00.000+00:00",
      "title": "CVE-2023-23524"
    },
    {
      "cve": "CVE-2023-23529",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. Beim Parsen von speziell bearbeiteten Webinhalten in WebKit kommt es zu einem Type Confusion Problem. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auf dem Zielsystem auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23529"
    },
    {
      "cve": "CVE-2023-23522",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. In Shortcuts werden tempor\u00e4re Dateien unsachgem\u00e4\u00df verarbeitet. Ein Angreifer kann diese Schwachstelle \u00fcber eine lokale Applikation ausnutzen, um Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23522"
    },
    {
      "cve": "CVE-2023-23514",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. Innerhalb des Betriebssystem Kernels besteht ein Use-after-free-Fehler. Ein Angreifer kann diese Schwachstelle \u00fcber eine lokale Applikation ausnutzen, um seine Rechte zu erweitern und beliebigen Code mit Kernel-Rechten auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23514"
    }
  ]
}

var-202302-1170

Vulnerability from variot

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data. apple's macOS Exists in unspecified vulnerabilities.Information may be obtained. Information about the security content is also available at https://support.apple.com/HT213633.

Kernel Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero

Shortcuts Available for: macOS Ventura Impact: An app may be able to observe unprotected user data Description: A privacy issue was addressed with improved handling of temporary files. CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group

WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. WebKit Bugzilla: 251944 CVE-2023-23529: an anonymous researcher

macOS Ventura 13.2.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDke NxkM2hAApRo7JQlaNxVVpw1y96PG2oAVygFVw+N1cpEO72L4gDjvAb7+tOBqUTkz Az+IizQfC2gapw9g/csghk+s+/gt16Q0iX4jDDEDypZ5So/LoaucFVTbGCy9Hns0 T0PTS4a0KIFBHbRQ3ktrhkUp49ykqDWwWdnvM1QgtUe3HfAZQWHVnYpdsj26CTaz 5ihA0chuzAGnx2lUZbyz8nl6f9kdqx1x8uSF0P7AkIp6L7IcZOLLO8tXnKApeC7S HSbafe7JKxVNPtzaI/ZuxQe9/9Kr8VUiezVCK+WvJ9akRsy4CQ022yirIOlFIEhF 32mFq+BaQ77YTULP2us7BG8oMJ3tPxfmlykhqD4P0p4JRW6ZFoQmVKyUEPdsaALG NYilSR3CRSpaCbh+dunGMJshNSHRJO6NluLq1mPVB7xFSiypgJADjS95zBSINtC9 JrKusbpICiAm8VqVC4GNltG+djft0NjbSiJXPo409X7j01Bt1ZJpk2UWTUfZbHMU hW90JFySoHLRcVt3Af1mbBkyaHv0GSKG+Fjul/XyBlG3U8eJVXJhWCrhMjm17GK0 6j4HEUsAYzAg0j+Ss7QQKhwxlW3BPd+3D2kGwbPzBx/rcyVjbc456fyCLSYP58cf EIYmmOwF9QcH939TCxoIglHOsdAuuIilGApd2on9QWOj8QSaUFw= =2kFu -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1170",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.2"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "13.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23522"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "170996"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2023-23522",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2023-23522",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-23522",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-23522",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-23522",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202302-1000",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1000"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23522"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data. apple\u0027s macOS Exists in unspecified vulnerabilities.Information may be obtained. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213633. \n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google\nProject Zero\n\nShortcuts\nAvailable for: macOS Ventura\nImpact: An app may be able to observe unprotected user data\nDescription: A privacy issue was addressed with improved handling of\ntemporary files. \nCVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nWebKit Bugzilla: 251944\nCVE-2023-23529: an anonymous researcher\n\nmacOS Ventura 13.2.1 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDke\nNxkM2hAApRo7JQlaNxVVpw1y96PG2oAVygFVw+N1cpEO72L4gDjvAb7+tOBqUTkz\nAz+IizQfC2gapw9g/csghk+s+/gt16Q0iX4jDDEDypZ5So/LoaucFVTbGCy9Hns0\nT0PTS4a0KIFBHbRQ3ktrhkUp49ykqDWwWdnvM1QgtUe3HfAZQWHVnYpdsj26CTaz\n5ihA0chuzAGnx2lUZbyz8nl6f9kdqx1x8uSF0P7AkIp6L7IcZOLLO8tXnKApeC7S\nHSbafe7JKxVNPtzaI/ZuxQe9/9Kr8VUiezVCK+WvJ9akRsy4CQ022yirIOlFIEhF\n32mFq+BaQ77YTULP2us7BG8oMJ3tPxfmlykhqD4P0p4JRW6ZFoQmVKyUEPdsaALG\nNYilSR3CRSpaCbh+dunGMJshNSHRJO6NluLq1mPVB7xFSiypgJADjS95zBSINtC9\nJrKusbpICiAm8VqVC4GNltG+djft0NjbSiJXPo409X7j01Bt1ZJpk2UWTUfZbHMU\nhW90JFySoHLRcVt3Af1mbBkyaHv0GSKG+Fjul/XyBlG3U8eJVXJhWCrhMjm17GK0\n6j4HEUsAYzAg0j+Ss7QQKhwxlW3BPd+3D2kGwbPzBx/rcyVjbc456fyCLSYP58cf\nEIYmmOwF9QcH939TCxoIglHOsdAuuIilGApd2on9QWOj8QSaUFw=\n=2kFu\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-23522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      },
      {
        "db": "VULHUB",
        "id": "VHN-451833"
      },
      {
        "db": "PACKETSTORM",
        "id": "170996"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-23522",
        "trust": 3.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004756",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1000",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-451833",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-23522",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170996",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-451833"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-23522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      },
      {
        "db": "PACKETSTORM",
        "id": "170996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1000"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23522"
      }
    ]
  },
  "id": "VAR-202302-1170",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-451833"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T12:13:32.065000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT213633 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT213633"
      },
      {
        "title": "Apple macOS Ventura Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226950"
      },
      {
        "title": "Apple: macOS Ventura 13.2.1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=4ef147b74f6732097f493be9b69df642"
      },
      {
        "title": null,
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2023/02/15/apple_patches_zeroday_vulnerability/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-23522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1000"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23522"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213633"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23522"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-23522/"
      },
      {
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2023/02/15/apple_patches_zeroday_vulnerability/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht213633"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23529"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213633."
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23514"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht201222."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-451833"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-23522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      },
      {
        "db": "PACKETSTORM",
        "id": "170996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1000"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23522"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-451833"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-23522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      },
      {
        "db": "PACKETSTORM",
        "id": "170996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1000"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23522"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-451833"
      },
      {
        "date": "2023-11-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      },
      {
        "date": "2023-02-15T17:38:42",
        "db": "PACKETSTORM",
        "id": "170996"
      },
      {
        "date": "2023-02-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-1000"
      },
      {
        "date": "2023-02-27T20:15:14.580000",
        "db": "NVD",
        "id": "CVE-2023-23522"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-451833"
      },
      {
        "date": "2023-11-01T08:30:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      },
      {
        "date": "2023-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-1000"
      },
      {
        "date": "2023-07-27T04:15:14.807000",
        "db": "NVD",
        "id": "CVE-2023-23522"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1000"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "apple\u0027s \u00a0macOS\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004756"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1000"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-23522 (GCVE-0-2023-23522)

Vulnerability from cvelistv5

Vulnerability from github

Vulnerability from gsd

Vulnerability from fkie_nvd

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from variot

Tags

Sightings

Nomenclature