CVE-2023-23520
MEDIUMiPadOS < 16.3 - Arbitrary File Read as Root via Race Condition
Title source: llmDescription
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.
References (4)
Core 4
Core References
Vendor Advisory
https://support.apple.com/en-us/HT213605
Vendor Advisory
https://support.apple.com/en-us/HT213606
Vendor Advisory
https://support.apple.com/en-us/HT213599
Vendor Advisory
https://support.apple.com/en-us/HT213601
Scores
CVSS v3
5.9
EPSS
0.0015
EPSS Percentile
35.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-367
Status
published
Products (3)
apple/ipados
< 16.3
apple/iphone_os
< 16.3
apple/macos
< 13.2
Published
Feb 27, 2023
Tracked Since
Feb 18, 2026