PT-2023-7177 · Apple · Macos Sonoma+5
Bistrit Dahal
·
Publicado
2023-10-25
·
Atualizado
2024-09-10
·
CVE-2023-41988
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
macOS Sonoma versions prior to 14.1
watchOS versions prior to 10.1
iOS versions prior to 17.1
iPadOS versions prior to 17.1
Description
The issue is related to insufficient access control in the Siri personal assistant, which may allow an attacker with physical access to use Siri and access sensitive user data. This is possible due to the lack of proper restrictions on options offered on a locked device.
Recommendations
For macOS Sonoma versions prior to 14.1, update to version 14.1 to resolve the issue.
For watchOS versions prior to 10.1, update to version 10.1 to resolve the issue.
For iOS versions prior to 17.1, update to version 17.1 to resolve the issue.
For iPadOS versions prior to 17.1, update to version 17.1 to resolve the issue.
As a temporary workaround, consider restricting access to Siri on locked devices to minimize the risk of exploitation.
Correção
Improper Access Control
Incorrect Privilege Assignment
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Apple Macos
Siri
Ios
Ipados
Macos Sonoma
Watchos