CVE-2023-23502

MEDIUM

Apple Ipados < 16.3 - Out-of-Bounds Read

Title source: rule

Description

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout.

References (5)

Core 5

Core References

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213599

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213601

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213604

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213605

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213606

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 34.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (5)

apple/ipados < 16.3

apple/iphone_os < 16.3

apple/macos 12.0.0 - 12.6.3

apple/tvos < 16.3

apple/watchos < 9.3

Published Feb 27, 2023

Tracked Since Feb 18, 2026