CVE-2023-40389

Published Jun 10, 2024

Last updated 6 months ago

CVSS medium 5.5

Overview

Description: The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data.
Source: product-security@apple.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Apple security research summary: 2023: CVE-2023-40389 CVE-2023-40424 CVE-2023-42913 2024: CVE-2024-23281 CVE-2024-23229 CVE-2024-23260 1 Additional Recognition 2025: ?
@JoshJewett33
14 Jan 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80A8C181-92A9-459F-8DF5-466763A8FF1A",
            "versionEndExcluding": "12.7.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956",
            "versionEndExcluding": "13.6.5",
            "versionStartIncluding": "13.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References