CVE-2023-28197
LOWmacOS < 11.7.5 - Unprotected User Data Exposure via Sandbox Restriction Bypass
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-28197. PoCs published by spotlightishere.
AI-analyzed exploit summary This repository references a proof-of-concept application for CVE-2023-28197, paired with a blog post for technical details. It does not contain exploit code but provides context and analysis.
Description
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.
Exploits (1)
nomisec
WRITEUP
4 stars
by spotlightishere · poc
https://github.com/spotlightishere/inputcontrol
This repository references a proof-of-concept application for CVE-2023-28197, paired with a blog post for technical details. It does not contain exploit code but provides context and analysis.
Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target:
Apple (specific software not specified)
No auth needed
Prerequisites:
Access to the referenced blog post for technical details
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
References (3)
Core 3
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213670
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213675
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213677
Scores
CVSS v3
3.3
EPSS
0.0038
EPSS Percentile
30.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
apple/macos
< 11.7.5
Published
Jan 10, 2024
Tracked Since
Feb 18, 2026