PT-2023-4191 · Apple · Libxpc+1
R3Df09
+1
·
Published
2023-07-24
·
Updated
2023-08-03
·
CVE-2023-38565
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
libxpc versions prior to macOS Monterey 12.6.8
libxpc versions prior to iOS 16.6
libxpc versions prior to iPadOS 16.6
libxpc versions prior to macOS Big Sur 11.7.9
libxpc versions prior to macOS Ventura 13.5
libxpc versions prior to watchOS 9.6
Description
The issue is related to a path handling problem that has been addressed with improved validation. This allows an app to potentially gain root privileges, enabling a malicious actor to elevate their privileges.
Recommendations
For versions prior to macOS Monterey 12.6.8, update to macOS Monterey 12.6.8 or later.
For versions prior to iOS 16.6, update to iOS 16.6 or later.
For versions prior to iPadOS 16.6, update to iPadOS 16.6 or later.
For versions prior to macOS Big Sur 11.7.9, update to macOS Big Sur 11.7.9 or later.
For versions prior to macOS Ventura 13.5, update to macOS Ventura 13.5 or later.
For versions prior to watchOS 9.6, update to watchOS 9.6 or later.
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apple Macos
Libxpc