CVE-2023-28197

LOW

Apple Macos < 11.7.5 - Improper Access Control

Title source: rule

Description

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.

Exploits (1)

nomisec WRITEUP 4 stars

by spotlightishere · poc

https://github.com/spotlightishere/inputcontrol

View Code ZIP pw:eip

References (3)

Core 3

Core References

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213670

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213675

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213677

Scores

CVSS v3 3.3

EPSS 0.0007

EPSS Percentile 21.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

apple/macos < 11.7.5

Published Jan 10, 2024

Tracked Since Feb 18, 2026