CVE-2023-40438

MEDIUM

Apple Ipados < 16.7 - Denial of Service

Title source: rule

Description

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory.

References (4)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213927

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213940

[Vendor Advisory] https://support.apple.com/kb/HT213927

[Vendor Advisory] https://support.apple.com/kb/HT213940

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-379

Status published

Affected Products (3)

apple/ipados < 16.7

apple/iphone_os < 16.7

apple/macos < 14.0

Timeline

Published Jan 10, 2024

Tracked Since Feb 18, 2026