CVE-2023-23520: Race Condition
First published: Mon Jan 23 2023(Updated: )
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.
Credit: Cees Elzinga Cees Elzinga Cees Elzinga Cees Elzinga product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <9.3 | 9.3 |
| Apple tvOS | <16.3 | 16.3 |
| <13.2 | 13.2 | |
| Apple iOS | <16.3 | 16.3 |
| Apple iPadOS | <16.3 | 16.3 |
| Apple iPadOS | <16.3 | |
| Apple iPhone OS | <16.3 | |
| Apple macOS | <13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213599 (Advisory)
- https://support.apple.com/en-us/HT213601 (Advisory)
- https://support.apple.com/en-us/HT213605 (Advisory)
- https://support.apple.com/en-us/HT213606 (Advisory)
- https://support.apple.com/kb/HT213599
- https://support.apple.com/kb/HT213606
- https://support.apple.com/kb/HT213605
- https://support.apple.com/kb/HT213601
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-32438
- CVE-2023-23499
- CVE-2023-23520
- CVE-2023-41990
- CVE-2023-23519
- CVE-2023-23500
- CVE-2023-23502
- CVE-2023-23504
- CVE-2023-23503
- CVE-2023-23512
- CVE-2023-23505
- CVE-2023-23511
- CVE-2023-32393
- CVE-2022-0108
- CVE-2023-23496
- CVE-2023-23518
- CVE-2023-23517
- CVE-2022-42915
- CVE-2022-42916
- CVE-2022-32221
- CVE-2022-35260
- CVE-2023-23539
- CVE-2023-23513
- CVE-2023-23493
- CVE-2023-23530
- CVE-2023-23531
- CVE-2023-23507
- CVE-2023-23516
- CVE-2023-23506
- CVE-2023-23498
- CVE-2023-28208
- CVE-2023-23497
- CVE-2023-23510
- CVE-2022-3705
- CVE-2023-23501
- CVE-2023-23508
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-23520.
What is the severity of CVE-2023-23520?
The severity of CVE-2023-23520 is medium with a CVSS score of 5.9.
Which software versions are affected by CVE-2023-23520?
CVE-2023-23520 affects watchOS versions up to and excluding 9.3, tvOS versions up to and excluding 16.3, macOS Ventura versions up to and excluding 13.2, iOS versions up to and excluding 16.3, and iPadOS versions up to and excluding 16.3.
How was CVE-2023-23520 addressed?
CVE-2023-23520 was addressed by fixing the race condition with additional validation in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3, and iPadOS 16.3.
What is the impact of CVE-2023-23520?
The impact of CVE-2023-23520 is that a user may be able to read arbitrary files as root.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup-request
- agent/software-canonical-lookup
- collector/nvd-api
- collector/nvd-index
- vendor/apple
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple macos ventura
- canonical/apple ios
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos