First published: Mon Mar 27 2023(Updated: )
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to bypass Privacy preferences.
Credit: Yiğit Can YILMAZ @yilmazcanyigit Yiğit Can YILMAZ @yilmazcanyigit Yiğit Can YILMAZ @yilmazcanyigit Yiğit Can YILMAZ @yilmazcanyigit Yiğit Can YILMAZ @yilmazcanyigit product-security@apple.com product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple watchOS | <9.4 | 9.4 |
Apple tvOS | <16.4 | 16.4 |
Apple Ipad Os | <16.4 | |
Apple iPhone OS | <16.4 | |
Apple macOS | >=12.0<12.6.4 | |
Apple macOS | >=13.0<13.3 | |
<12.6.4 | 12.6.4 | |
<16.4 | 16.4 | |
<16.4 | 16.4 | |
Apple macOS Ventura | <13.3 | 13.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID of this issue is CVE-2023-28178.
The severity of CVE-2023-28178 is medium.
CVE-2023-28178 affects the following products and versions: Apple tvOS 16.4, Apple iOS up to version 16.4, Apple iPhone OS up to version 16.4, Apple macOS between version 12.0 and 12.6.4, Apple macOS between version 13.0 and 13.3, Apple watchOS up to version 9.4, Apple macOS Ventura up to version 13.3, Apple iOS up to version 16.4, Apple iPadOS up to version 16.4, and Apple macOS Monterey up to version 12.6.4.
An app can bypass Privacy preferences due to CVE-2023-28178.
To fix CVE-2023-28178, update to the latest available software versions: macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4.