CVE-2023-32407

Name of the Vulnerable Software and Affected Versions watchOS versions prior to 9.5 tvOS versions prior to 16.5 macOS Ventura versions prior to 13.4 iOS versions prior to 15.7.6 and prior to 16.5 iPadOS versions prior to 15.7.6 and prior to 16.5 macOS Big Sur versions prior to 11.7.7 macOS Monterey versions prior to 12.6.6

Description A logic issue was addressed with improved state management, allowing an app to potentially bypass Privacy preferences. This issue is related to insecure privilege management in the Metal component of MacOS, iOS, tvOS, iPadOS, and watchOS operating systems, which may enable an attacker to bypass privacy settings and execute arbitrary code. No user interaction is required for exploitation, and it may allow access to sensitive information such as contacts and camera control.

Recommendations For watchOS versions prior to 9.5, update to watchOS 9.5 or later. For tvOS versions prior to 16.5, update to tvOS 16.5 or later. For macOS Ventura versions prior to 13.4, update to macOS Ventura 13.4 or later. For iOS versions prior to 15.7.6, update to iOS 15.7.6 or later. For iOS versions prior to 16.5, update to iOS 16.5 or later. For iPadOS versions prior to 15.7.6, update to iPadOS 15.7.6 or later. For iPadOS versions prior to 16.5, update to iPadOS 16.5 or later. For macOS Big Sur versions prior to 11.7.7, update to macOS Big Sur 11.7.7 or later. For macOS Monterey versions prior to 12.6.6, update to macOS Monterey 12.6.6 or later.