PT-2023-8423 · Apple · Core Image+3
Wojciech Regula
·
Published
2023-09-26
·
Updated
2024-01-17
·
CVE-2023-40438
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
macOS versions prior to 14
iOS versions prior to 16.7
iPadOS versions prior to 16.7
Description
The issue is related to the handling of temporary files, which may allow an app to access edited photos saved to a temporary directory. This could potentially lead to unauthorized access to sensitive data. The problem is associated with a lack of protection for service data in the Core Image component of the operating systems.
Recommendations
For macOS versions prior to 14, update to macOS Sonoma 14 to resolve the issue.
For iOS versions prior to 16.7, update to iOS 16.7 to resolve the issue.
For iPadOS versions prior to 16.7, update to iPadOS 16.7 to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Core Image
Apple Macos
Ios
Ipados