CVE-2023-23538: Input Validation
First published: Mon Mar 27 2023(Updated: )
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system
Credit: Mickey Jin @patch1t Zweig Kunlun LabJoshua Jones Zhuowei Zhang Mickey Jin @patch1t FFRI Security IncKoh M. Nakagawa FFRI Security Inc Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityYiğit Can YILMAZ @yilmazcanyigit Jubaer Alnazi Jabin TRS Group Of CompaniesWenchao Li Alibaba GroupXiaolong Bai Alibaba GroupAdam M. Guilherme Rambo Best Buddy AppsCVE-2023-0433 CVE-2023-0512 sqrtpwn Arsenii Kostromin (0x3c3e) Pan ZhenPeng STAR Labs SG PteTingting Yin Tsinghua UniversityAleksandar Nikolic Cisco TalosYe Zhang @VAR10CK Baidu Securityan anonymous researcher Murray Mike Félix Poulin-Bélanger David Pan Ogea Xinru Chi Pangu LabNed Williamson Google Project ZeroMohamed GHANNAM @_simo36 Brandon Dalton @partyD0lphin Red CanaryRıza Sabuncu @rizasabuncu JeongOhKyea Xin Huang @11iaxH CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 Gertjan Franken imecKU Leuven hazbinhotel Trend Micro Zero Day InitiativeGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ KasperskyBoris Larin @oct0xor Kaspersky KasperskyValentin Pashkov KasperskyAnonymous Trend Micro Zero Day InitiativeDohyun Lee @l33d0hyun SSD Labscrixer @pwning_me SSD LabsABC Research s.r.o. Mohamed Ghannam @_simo36 Chan Shue Long Offensive SecurityJunoh Lee at Theori CVE-2022-43551 CVE-2022-43552 Mikko Kenttälä ) @Turmio_ SensorFuJubaer Alnazi TRS Group of Companiesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition Mercedesryuzaki Pan ZhenPeng @Peterpan0927 STAR Labs SG PteAdam Doupé ASU SEFCOMan anonymous researcher Red CanaryMilan Tenk F FArthur Valiev FdevelopStorm Khiem Tran Masahiro Kawada @kawakatz GMO Cybersecurity by Ierae Alibaba Group product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | <12.6.4 | |
| Apple iOS and macOS | >=13.0<13.3 | |
| macOS | <12.6.4 | 12.6.4 |
| macOS Ventura | <13.3 | 13.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213670 (Advisory)
- https://support.apple.com/en-us/HT213677 (Advisory)
- https://support.apple.com/en-us/102833 (Advisory)
- https://support.apple.com/en-us/120945 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-23540
- CVE-2023-23527
- CVE-2023-27951
- CVE-2023-27961
- CVE-2023-27955
- CVE-2023-27936
- CVE-2023-28181
- CVE-2023-40398
- CVE-2023-27935
- CVE-2023-27934
- CVE-2023-27953
- CVE-2023-27958
- CVE-2023-23537
- CVE-2023-32366
- CVE-2023-27937
- CVE-2023-27946
- CVE-2023-32378
- CVE-2023-27941
- CVE-2023-28199
- CVE-2023-23536
- CVE-2023-23514
- CVE-2023-27933
- CVE-2023-28200
- CVE-2023-28185
- CVE-2023-41075
- CVE-2023-28189
- CVE-2023-28197
- CVE-2023-27949
- CVE-2023-28182
- CVE-2023-23538
- CVE-2023-27962
- CVE-2023-27942
- CVE-2023-23533
- CVE-2023-28178
- CVE-2023-27963
- CVE-2023-23542
- CVE-2023-28192
- CVE-2023-0433
- CVE-2023-0512
- CVE-2023-27944
- CVE-2023-32436
- CVE-2023-27968
- CVE-2023-28209
- CVE-2023-28210
- CVE-2023-28211
- CVE-2023-28212
- CVE-2023-28213
- CVE-2023-28214
- CVE-2023-28215
- CVE-2023-32356
- CVE-2023-23532
- CVE-2023-27931
- CVE-2023-28179
- CVE-2023-42830
- CVE-2023-23543
- CVE-2023-23534
- CVE-2023-32426
- CVE-2022-43551
- CVE-2022-43552
- CVE-2023-28180
- CVE-2023-40433
- CVE-2023-28190
- CVE-2023-28195
- CVE-2023-27956
- CVE-2023-23526
- CVE-2023-27928
- CVE-2023-27939
- CVE-2023-27947
- CVE-2023-27948
- CVE-2023-42862
- CVE-2023-42865
- CVE-2023-23535
- CVE-2023-27929
- CVE-2023-27957
- CVE-2023-28187
- CVE-2023-27969
- CVE-2023-27943
- CVE-2023-23525
- CVE-2023-40383
- CVE-2023-27950
- CVE-2023-23523
- CVE-2023-32362
- CVE-2023-27952
- CVE-2023-27966
- CVE-2023-28188
- CVE-2023-0049
- CVE-2023-0051
- CVE-2023-0054
- CVE-2023-0288
- CVE-2023-32370
- CVE-2023-28198
- CVE-2023-32435
- CVE-2023-27932
- CVE-2023-27954
- CVE-2014-1745
- CVE-2023-32358
- CVE-2023-28201
Frequently Asked Questions
What is the severity of CVE-2023-23538?
The severity of CVE-2023-23538 is medium with a severity score of 5.5.
How does CVE-2023-23538 affect macOS Ventura?
CVE-2023-23538 affects macOS Ventura versions up to but excluding 13.3.
How does CVE-2023-23538 affect macOS Monterey?
CVE-2023-23538 affects macOS Monterey versions up to but excluding 12.6.4.
Is there a fix available for CVE-2023-23538?
Yes, the fix for CVE-2023-23538 is available in macOS Ventura 13.3 and macOS Monterey 12.6.4.
How can an app modify protected parts of the file system in relation to CVE-2023-23538?
CVE-2023-23538 allows an app to modify protected parts of the file system.
- collector/nvd-latest
- agent/type
- agent/first-publish-date
- agent/severity
- agent/trending
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/weakness
- agent/source
- agent/references
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- collector/apple-support
- source/Apple
- alias/CVE-2023-27958
- alias/CVE-2023-23537
- alias/CVE-2023-32366
- alias/CVE-2023-27937
- alias/CVE-2023-27946
- alias/CVE-2023-32378
- alias/CVE-2023-27941
- alias/CVE-2023-28199
- alias/CVE-2023-23536
- alias/CVE-2023-23514
- alias/CVE-2023-27933
- alias/CVE-2023-28200
- alias/CVE-2023-28185
- alias/CVE-2023-41075
- alias/CVE-2023-28189
- alias/CVE-2023-28197
- alias/CVE-2023-27949
- alias/CVE-2023-28182
- alias/CVE-2023-23538
- alias/CVE-2023-27962
- alias/CVE-2023-27942
- alias/CVE-2023-23533
- alias/CVE-2023-28178
- alias/CVE-2023-27963
- alias/CVE-2023-23542
- alias/CVE-2023-28192
- alias/CVE-2023-0433
- alias/CVE-2023-0512
- alias/CVE-2023-27944
- alias/CVE-2023-27955
- alias/CVE-2023-27936
- alias/CVE-2023-28181
- alias/CVE-2023-40398
- alias/CVE-2023-27935
- alias/CVE-2023-27934
- alias/CVE-2023-27953
- alias/CVE-2023-23527
- alias/CVE-2023-27951
- alias/CVE-2023-27961
- agent/softwarecombine
- agent/tags
- alias/CVE-2023-27957
- alias/CVE-2023-28187
- alias/CVE-2023-27969
- alias/CVE-2023-27943
- alias/CVE-2023-23525
- alias/CVE-2023-40383
- alias/CVE-2023-27950
- alias/CVE-2023-23523
- alias/CVE-2023-32362
- alias/CVE-2023-27952
- alias/CVE-2023-27966
- alias/CVE-2023-27931
- alias/CVE-2023-28188
- alias/CVE-2023-0049
- alias/CVE-2023-0051
- alias/CVE-2023-0054
- alias/CVE-2023-0288
- alias/CVE-2023-32370
- alias/CVE-2023-28198
- alias/CVE-2023-32435
- alias/CVE-2023-27932
- alias/CVE-2023-27954
- alias/CVE-2014-1745
- alias/CVE-2023-32358
- alias/CVE-2023-28201
- alias/CVE-2023-27928
- alias/CVE-2023-27939
- alias/CVE-2023-27947
- alias/CVE-2023-27948
- alias/CVE-2023-42862
- alias/CVE-2023-42865
- alias/CVE-2023-23535
- alias/CVE-2023-27929
- alias/CVE-2023-40433
- alias/CVE-2023-28190
- alias/CVE-2023-28195
- alias/CVE-2023-27956
- alias/CVE-2023-23526
- alias/CVE-2023-23543
- alias/CVE-2023-23534
- alias/CVE-2023-32426
- alias/CVE-2022-43551
- alias/CVE-2022-43552
- alias/CVE-2023-28180
- alias/CVE-2023-28179
- alias/CVE-2023-42830
- alias/CVE-2023-28209
- alias/CVE-2023-28210
- alias/CVE-2023-28211
- alias/CVE-2023-28212
- alias/CVE-2023-28213
- alias/CVE-2023-28214
- alias/CVE-2023-28215
- alias/CVE-2023-32356
- alias/CVE-2023-23532
- alias/CVE-2023-27968
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/13.0
- canonical/macos
- canonical/macos ventura