PT-2023-4191 · Apple · Libxpc+1

R3Df09

Publicado

2023-07-24

Atualizado

2023-08-03

CVE-2023-38565

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libxpc versions prior to macOS Monterey 12.6.8 libxpc versions prior to iOS 16.6 libxpc versions prior to iPadOS 16.6 libxpc versions prior to macOS Big Sur 11.7.9 libxpc versions prior to macOS Ventura 13.5 libxpc versions prior to watchOS 9.6

Description The issue is related to a path handling problem that has been addressed with improved validation. This allows an app to potentially gain root privileges, enabling a malicious actor to elevate their privileges.

Recommendations For versions prior to macOS Monterey 12.6.8, update to macOS Monterey 12.6.8 or later. For versions prior to iOS 16.6, update to iOS 16.6 or later. For versions prior to iPadOS 16.6, update to iPadOS 16.6 or later. For versions prior to macOS Big Sur 11.7.9, update to macOS Big Sur 11.7.9 or later. For versions prior to macOS Ventura 13.5, update to macOS Ventura 13.5 or later. For versions prior to watchOS 9.6, update to watchOS 9.6 or later.

Correção

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426

Identificadores relacionados

BDU:2023-04506

CVE-2023-38565

Produtos afetados

Apple Macos

Libxpc

PT-2023-4191 · Apple · Libxpc+1

CVE-2023-38565

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15