CVE-2023-40429
MEDIUMApple iPadOS < 17.0 - Unprotected User Data Exposure via Permissions Issue
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-40429. PoCs published by biscuitehh.
AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2023-40429, an entitlement bypass in iOS 16 that allowed third-party apps to access the device hostname without proper authorization. The writeup includes the root cause, timeline, and Apple's response.
Description
A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.
Exploits (1)
This repository provides a detailed technical analysis of CVE-2023-40429, an entitlement bypass in iOS 16 that allowed third-party apps to access the device hostname without proper authorization. The writeup includes the root cause, timeline, and Apple's response.
References (12)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N