PT-2023-8420 · Apple · Applemobilefileintegrity+4
Patch1T
·
Published
2023-09-26
·
Updated
2024-01-17
·
CVE-2023-42872
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AppleMobileFileIntegrity versions prior to macOS Sonoma 14
Safari versions prior to iOS 17
Safari versions prior to iPadOS 17
Description
The issue is related to errors in processing permissions in the AppleMobileFileIntegrity component of the Safari browser, as well as in the macOS, iOS, and iPadOS operating systems. Exploitation of the issue may allow an attacker to disclose protected information. An app may be able to access sensitive user data.
Recommendations
For versions prior to macOS Sonoma 14, update to macOS Sonoma 14 to resolve the issue.
For versions prior to iOS 17, update to iOS 17 to resolve the issue.
For versions prior to iPadOS 17, update to iPadOS 17 to resolve the issue.
As a temporary workaround, consider restricting access to sensitive user data until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Applemobilefileintegrity
Apple Macos
Safari
Ios
Ipados