CVE-2023-32437
In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten "Accessibility", "AppleEvents", "AppleMobileFileIntegrity", "Associated Domains", "Contacts", "CoreLocation","CoreCapture", "Core Services", "CUPS", "dcerpc", "Dev Tools", "DesktopServices", "GeoServices", "ImageIO", "IOSurface", "IOSurfaceAccelerator", "Kernel, "LaunchServices", "libxpc", "Metal", "Model I/O", "NetworkExtension", "PackageKit", "PDFKit", "Perl", "Photos", "Sandbox", "Screen Saver","Shell", "Security", "Shortcuts", "Siri", "SQLite", "StorageKit", "System Settings", "Telephony", "TV App", "Weather", "WebKit" sowie "Wi-Fi". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.
EPSS 0.09% · 26.2th percentile
Risk Scores
Timeline
- May 18, 2023 CVE Published
- Jul 27, 2023 EPSS Score
- Aug 30, 2023 EPSS Score
- Oct 3, 2023 EPSS Score
- Nov 6, 2023 EPSS Score
- Dec 10, 2023 EPSS Score
- Jan 13, 2024 EPSS Score
- Feb 16, 2024 EPSS Score
- Mar 21, 2024 EPSS Score
- Apr 24, 2024 EPSS Score
- May 28, 2024 EPSS Score
- Jul 1, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1251.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1251 advisory
- https://support.apple.com/HT213758 advisory
- https://support.apple.com/HT213759 advisory
- https://support.apple.com/HT213760 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1874.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1874 advisory
- https://support.apple.com/en-us/HT213841 advisory
- https://support.apple.com/en-us/HT213842 advisory