CVE-2023-40421

MEDIUM

macOS 12.0.0-12.7.0 - Unprotected User Data Exposure via Permissions Issue

Title source: llm
STIX 2.1

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data.

References (9)

Core 9
Core References
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/21
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/24
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/26
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213983
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213984
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213985
Release Notes, Vendor Advisory
https://support.apple.com/kb/HT213983
Release Notes, Vendor Advisory
https://support.apple.com/kb/HT213984
Release Notes, Vendor Advisory
https://support.apple.com/kb/HT213985

Scores

CVSS v3 5.5
EPSS 0.0002
EPSS Percentile 7.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (1)
apple/macos 12.0.0 - 12.7.1
Published Oct 25, 2023
Tracked Since Feb 18, 2026