CVE-2023-38609

HIGH

macOS Ventura <13.5 - Privilege Escalation

Title source: llm

Description

An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.

Exploits (1)

nomisec WORKING POC 3 stars

by mc-17 · poc

https://github.com/mc-17/CVE-2023-38609

View Code ZIP pw:eip

References (2)

Core 2

Core References

Vendor Advisory

https://support.apple.com/en-us/HT213843

Vendor Advisory

https://support.apple.com/kb/HT213843

Scores

CVSS v3 7.5

EPSS 0.0074

EPSS Percentile 73.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-74

Status published

Products (1)

apple/macos 13.0 - 13.5

Published Jul 28, 2023

Tracked Since Feb 18, 2026