PT-2023-5992 · Apple · Macos Monterey+3
Gergely Kalman
+1
·
Published
2023-07-24
·
Updated
2023-10-05
·
CVE-2023-38571
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
macOS Big Sur versions 11.7.9 and earlier
macOS Monterey versions 12.6.8 and earlier
macOS Ventura versions 13.5 and earlier
Description
This issue is related to the Privacy preferences component of macOS and is associated with the tracking of symbolic links. The exploitation of this issue may allow an attacker to bypass privacy settings. The issue was addressed with improved validation of symlinks. An app may be able to bypass Privacy preferences.
Recommendations
For macOS Big Sur versions prior to 11.7.9, update to version 11.7.9 to resolve the issue.
For macOS Monterey versions prior to 12.6.8, update to version 12.6.8 to resolve the issue.
For macOS Ventura versions prior to 13.5, update to version 13.5 to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apple Macos
Macos Big Sur
Macos Monterey
Macos Ventura