var-202302-1170
Vulnerability from variot
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data. apple's macOS Exists in unspecified vulnerabilities.Information may be obtained. Information about the security content is also available at https://support.apple.com/HT213633.
Kernel Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero
Shortcuts Available for: macOS Ventura Impact: An app may be able to observe unprotected user data Description: A privacy issue was addressed with improved handling of temporary files. CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group
WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. WebKit Bugzilla: 251944 CVE-2023-23529: an anonymous researcher
macOS Ventura 13.2.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDke NxkM2hAApRo7JQlaNxVVpw1y96PG2oAVygFVw+N1cpEO72L4gDjvAb7+tOBqUTkz Az+IizQfC2gapw9g/csghk+s+/gt16Q0iX4jDDEDypZ5So/LoaucFVTbGCy9Hns0 T0PTS4a0KIFBHbRQ3ktrhkUp49ykqDWwWdnvM1QgtUe3HfAZQWHVnYpdsj26CTaz 5ihA0chuzAGnx2lUZbyz8nl6f9kdqx1x8uSF0P7AkIp6L7IcZOLLO8tXnKApeC7S HSbafe7JKxVNPtzaI/ZuxQe9/9Kr8VUiezVCK+WvJ9akRsy4CQ022yirIOlFIEhF 32mFq+BaQ77YTULP2us7BG8oMJ3tPxfmlykhqD4P0p4JRW6ZFoQmVKyUEPdsaALG NYilSR3CRSpaCbh+dunGMJshNSHRJO6NluLq1mPVB7xFSiypgJADjS95zBSINtC9 JrKusbpICiAm8VqVC4GNltG+djft0NjbSiJXPo409X7j01Bt1ZJpk2UWTUfZbHMU hW90JFySoHLRcVt3Af1mbBkyaHv0GSKG+Fjul/XyBlG3U8eJVXJhWCrhMjm17GK0 6j4HEUsAYzAg0j+Ss7QQKhwxlW3BPd+3D2kGwbPzBx/rcyVjbc456fyCLSYP58cf EIYmmOwF9QcH939TCxoIglHOsdAuuIilGApd2on9QWOj8QSaUFw= =2kFu -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1170", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.2" }, { "model": "macos", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "macos", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": "13.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004756" }, { "db": "NVD", "id": "CVE-2023-23522" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "170996" } ], "trust": 0.1 }, "cve": "CVE-2023-23522", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-23522", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-23522", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2023-23522", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2023-23522", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202302-1000", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004756" }, { "db": "CNNVD", "id": "CNNVD-202302-1000" }, { "db": "NVD", "id": "CVE-2023-23522" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data. apple\u0027s macOS Exists in unspecified vulnerabilities.Information may be obtained. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213633. \n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google\nProject Zero\n\nShortcuts\nAvailable for: macOS Ventura\nImpact: An app may be able to observe unprotected user data\nDescription: A privacy issue was addressed with improved handling of\ntemporary files. \nCVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nWebKit Bugzilla: 251944\nCVE-2023-23529: an anonymous researcher\n\nmacOS Ventura 13.2.1 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDke\nNxkM2hAApRo7JQlaNxVVpw1y96PG2oAVygFVw+N1cpEO72L4gDjvAb7+tOBqUTkz\nAz+IizQfC2gapw9g/csghk+s+/gt16Q0iX4jDDEDypZ5So/LoaucFVTbGCy9Hns0\nT0PTS4a0KIFBHbRQ3ktrhkUp49ykqDWwWdnvM1QgtUe3HfAZQWHVnYpdsj26CTaz\n5ihA0chuzAGnx2lUZbyz8nl6f9kdqx1x8uSF0P7AkIp6L7IcZOLLO8tXnKApeC7S\nHSbafe7JKxVNPtzaI/ZuxQe9/9Kr8VUiezVCK+WvJ9akRsy4CQ022yirIOlFIEhF\n32mFq+BaQ77YTULP2us7BG8oMJ3tPxfmlykhqD4P0p4JRW6ZFoQmVKyUEPdsaALG\nNYilSR3CRSpaCbh+dunGMJshNSHRJO6NluLq1mPVB7xFSiypgJADjS95zBSINtC9\nJrKusbpICiAm8VqVC4GNltG+djft0NjbSiJXPo409X7j01Bt1ZJpk2UWTUfZbHMU\nhW90JFySoHLRcVt3Af1mbBkyaHv0GSKG+Fjul/XyBlG3U8eJVXJhWCrhMjm17GK0\n6j4HEUsAYzAg0j+Ss7QQKhwxlW3BPd+3D2kGwbPzBx/rcyVjbc456fyCLSYP58cf\nEIYmmOwF9QcH939TCxoIglHOsdAuuIilGApd2on9QWOj8QSaUFw=\n=2kFu\n-----END PGP SIGNATURE-----\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2023-23522" }, { "db": "JVNDB", "id": "JVNDB-2023-004756" }, { "db": "VULHUB", "id": "VHN-451833" }, { "db": "PACKETSTORM", "id": "170996" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-23522", "trust": 3.5 }, { "db": "JVNDB", "id": "JVNDB-2023-004756", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202302-1000", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-451833", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2023-23522", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170996", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-451833" }, { "db": "VULMON", "id": "CVE-2023-23522" }, { "db": "JVNDB", "id": "JVNDB-2023-004756" }, { "db": "PACKETSTORM", "id": "170996" }, { "db": "CNNVD", "id": "CNNVD-202302-1000" }, { "db": "NVD", "id": "CVE-2023-23522" } ] }, "id": "VAR-202302-1170", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-451833" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T12:13:32.065000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT213633 Apple\u00a0 Security update", "trust": 0.8, "url": "https://support.apple.com/en-us/HT213633" }, { "title": "Apple macOS Ventura Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226950" }, { "title": "Apple: macOS Ventura 13.2.1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=4ef147b74f6732097f493be9b69df642" }, { "title": null, "trust": 0.1, "url": "https://www.theregister.co.uk/2023/02/15/apple_patches_zeroday_vulnerability/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-23522" }, { "db": "JVNDB", "id": "JVNDB-2023-004756" }, { "db": "CNNVD", "id": "CNNVD-202302-1000" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004756" }, { "db": "NVD", "id": "CVE-2023-23522" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.apple.com/en-us/ht213633" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23522" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-23522/" }, { "trust": 0.1, "url": "https://www.theregister.co.uk/2023/02/15/apple_patches_zeroday_vulnerability/" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht213633" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23529" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://support.apple.com/ht213633." }, { "trust": 0.1, "url": "https://support.apple.com/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23514" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht201222." } ], "sources": [ { "db": "VULHUB", "id": "VHN-451833" }, { "db": "VULMON", "id": "CVE-2023-23522" }, { "db": "JVNDB", "id": "JVNDB-2023-004756" }, { "db": "PACKETSTORM", "id": "170996" }, { "db": "CNNVD", "id": "CNNVD-202302-1000" }, { "db": "NVD", "id": "CVE-2023-23522" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-451833" }, { "db": "VULMON", "id": "CVE-2023-23522" }, { "db": "JVNDB", "id": "JVNDB-2023-004756" }, { "db": "PACKETSTORM", "id": "170996" }, { "db": "CNNVD", "id": "CNNVD-202302-1000" }, { "db": "NVD", "id": "CVE-2023-23522" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-27T00:00:00", "db": "VULHUB", "id": "VHN-451833" }, { "date": "2023-11-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-004756" }, { "date": "2023-02-15T17:38:42", "db": "PACKETSTORM", "id": "170996" }, { "date": "2023-02-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1000" }, { "date": "2023-02-27T20:15:14.580000", "db": "NVD", "id": "CVE-2023-23522" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-08T00:00:00", "db": "VULHUB", "id": "VHN-451833" }, { "date": "2023-11-01T08:30:00", "db": "JVNDB", "id": "JVNDB-2023-004756" }, { "date": "2023-03-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1000" }, { "date": "2023-07-27T04:15:14.807000", "db": "NVD", "id": "CVE-2023-23522" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1000" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "apple\u0027s \u00a0macOS\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004756" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1000" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.