CVE-2023-42846
MEDIUMiPadOS < 16.7.2 - Wi-Fi MAC Address Passive Tracking
Title source: llmDescription
This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.
References (12)
Core 12
Core References
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/19
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/22
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/23
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/25
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213981
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213982
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213987
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213988
Release Notes, Vendor Advisory
https://support.apple.com/kb/HT213981
Release Notes, Vendor Advisory
https://support.apple.com/kb/HT213982
Release Notes, Vendor Advisory
https://support.apple.com/kb/HT213987
Release Notes, Vendor Advisory
https://support.apple.com/kb/HT213988
Scores
CVSS v3
5.3
EPSS
0.0022
EPSS Percentile
44.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (4)
apple/ipados
< 16.7.2
apple/iphone_os
< 16.7.2
apple/tvos
< 17.1
apple/watchos
< 10.1
Published
Oct 25, 2023
Tracked Since
Feb 18, 2026