CVE-2023-32386 — Vulnetix

CVE-2023-32386 PUBLISHED CVSS 8.600000381469727 HIGH

In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten "Accessibility", "AppleEvents", "AppleMobileFileIntegrity", "Associated Domains", "Contacts", "CoreLocation","CoreCapture", "Core Services", "CUPS", "dcerpc", "Dev Tools", "DesktopServices", "GeoServices", "ImageIO", "IOSurface", "IOSurfaceAccelerator", "Kernel, "LaunchServices", "libxpc", "Metal", "Model I/O", "NetworkExtension", "PackageKit", "PDFKit", "Perl", "Photos", "Sandbox", "Screen Saver","Shell", "Security", "Shortcuts", "Siri", "SQLite", "StorageKit", "System Settings", "Telephony", "TV App", "Weather", "WebKit" sowie "Wi-Fi". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.

EPSS 0.10% · 27.4th percentile

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.10%

27.4th percentile

Timeline

May 18, 2023 CVE Published
Jun 24, 2023 EPSS Score
Jul 29, 2023 EPSS Score
Sep 2, 2023 EPSS Score
Oct 7, 2023 EPSS Score
Nov 12, 2023 EPSS Score
Dec 17, 2023 EPSS Score
Jan 21, 2024 EPSS Score
Feb 25, 2024 EPSS Score
Mar 31, 2024 EPSS Score
May 5, 2024 EPSS Score
Jun 9, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1251.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1251 advisory
https://support.apple.com/HT213758 advisory
https://support.apple.com/HT213759 advisory
https://support.apple.com/HT213760 advisory

Open in Interactive Console →