PT-2023-7177 · Apple · Macos Sonoma+5
Bistrit Dahal
·
Published
2023-10-25
·
Updated
2024-09-10
·
CVE-2023-41988
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
macOS Sonoma versions prior to 14.1
watchOS versions prior to 10.1
iOS versions prior to 17.1
iPadOS versions prior to 17.1
Description
The issue is related to insufficient access control in the Siri personal assistant, which may allow an attacker with physical access to use Siri and access sensitive user data. This is possible due to the lack of proper restrictions on options offered on a locked device.
Recommendations
For macOS Sonoma versions prior to 14.1, update to version 14.1 to resolve the issue.
For watchOS versions prior to 10.1, update to version 10.1 to resolve the issue.
For iOS versions prior to 17.1, update to version 17.1 to resolve the issue.
For iPadOS versions prior to 17.1, update to version 17.1 to resolve the issue.
As a temporary workaround, consider restricting access to Siri on locked devices to minimize the risk of exploitation.
Fix
Improper Access Control
Incorrect Privilege Assignment
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apple Macos
Siri
Ios
Ipados
Macos Sonoma
Watchos