CVE-2023-38571

HIGH

macOS < 11.7.9 - Privacy Preferences Bypass via Symlink Validation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-38571. PoCs published by gergelykalman.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-38571, a macOS TCC bypass vulnerability in Music and TV apps. The exploit leverages an insecure rename operation to overwrite the user's TCC.db, granting full disk access (FDA) via a symlink race condition.

Description

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.

Exploits (1)

nomisec WORKING POC 13 stars
by gergelykalman · poc
https://github.com/gergelykalman/CVE-2023-38571-a-macOS-TCC-bypass-in-Music-and-TV

This repository contains a functional exploit for CVE-2023-38571, a macOS TCC bypass vulnerability in Music and TV apps. The exploit leverages an insecure rename operation to overwrite the user's TCC.db, granting full disk access (FDA) via a symlink race condition.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: macOS Music and TV apps (specific versions not specified)
No auth needed
Prerequisites: Access to the target macOS system · Ability to create files in the Music/TV app's auto-add directory
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 7.5
EPSS 0.0129
EPSS Percentile 66.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

Status published
Products (1)
apple/macos < 11.7.9
Published Jul 28, 2023
Tracked Since Feb 18, 2026