CVE-2023-32365: Input Validation
First published: Thu May 18 2023(Updated: )
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: Jiwon Park product-security@apple.com Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeLinus Henze Pinauten GmbHCertiK SkyFall Team Pinauten GmbH08Tc3wBB JamfAdam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project Zero Google Project ZeroNed Williamson Google Project ZeroGergely Kalman @gergely_kalman Mickey Jin @patch1t Adam M. Thijs Alkemade Computest Sector 7Jonathan Fritz Julian Szulc Yiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityJames Duffy (mangoSecure) Kirin @Pwnrin Wenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit Satish Panduranga Ivan Fratric Google Project ZeroWojciech Regula SecuRingIgnacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty InternationalPan ZhenPeng @Peterpan0927 STAR Labs SG PteMeysam Firouzi @R00tkitSMM Mbition MercedesSergii Kryvoblotskyi MacPaw IncMohamed GHANNAM @_simo36 Amat Cama Vigilant Labs
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS, iPadOS, and watchOS | <16.5 | 16.5 |
| Apple iOS, iPadOS, and watchOS | <16.5 | 16.5 |
| Apple iOS, iPadOS, and watchOS | <15.7.6 | 15.7.6 |
| Apple iOS, iPadOS, and watchOS | <15.7.6 | 15.7.6 |
| Apple iOS, iPadOS, and watchOS | <15.7.6 | |
| Apple iOS, iPadOS, and watchOS | >=16.0<16.5 | |
| iStyle @cosme iPhone OS | <15.7.6 | |
| iStyle @cosme iPhone OS | >=16.0<16.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-32388
- CVE-2023-32400
- CVE-2023-34352
- CVE-2023-32425
- CVE-2023-32411
- CVE-2023-32371
- CVE-2023-32419
- CVE-2023-32399
- CVE-2023-28191
- CVE-2023-32392
- CVE-2023-32372
- CVE-2023-32384
- CVE-2023-32354
- CVE-2023-32420
- CVE-2023-27930
- CVE-2023-32398
- CVE-2023-32413
- CVE-2023-32352
- CVE-2023-29469
- CVE-2023-42869
- CVE-2023-32428
- CVE-2023-32407
- CVE-2023-32368
- CVE-2023-32403
- CVE-2023-32437
- CVE-2023-32385
- CVE-2023-32365
- CVE-2023-32390
- CVE-2023-32357
- CVE-2023-32367
- CVE-2023-32432
- CVE-2023-32391
- CVE-2023-32404
- CVE-2023-32394
- CVE-2023-32422
- CVE-2023-32376
- CVE-2023-28202
- CVE-2023-32412
- CVE-2023-32408
- CVE-2023-32415
- CVE-2023-32402
- CVE-2023-32423
- CVE-2023-32409
- CVE-2023-28204
- CVE-2023-32373
- CVE-2023-32389
- CVE-2023-23532
- CVE-2023-28181
- CVE-2023-32410
- CVE-2023-27940
- CVE-2023-32397
Frequently Asked Questions
What is CVE-2023-32365?
CVE-2023-32365 is a vulnerability in the Photos app on iOS and iPadOS devices that allowed a deleted photo to be re-surfaced without authentication.
How was CVE-2023-32365 fixed?
CVE-2023-32365 was fixed in iOS 15.7.6 and iPadOS 15.7.6, as well as iOS 16.5 and iPadOS 16.5, with improved checks in the Photos app.
What is the severity level of CVE-2023-32365?
The severity level of CVE-2023-32365 is low with a CVSS score of 2.4.
What Apple devices are affected by CVE-2023-32365?
CVE-2023-32365 affects iOS devices running iOS versions up to 15.7.6 and 16.5, as well as iPadOS devices running versions up to 15.7.6 and 16.5.
Where can I find more information about CVE-2023-32365?
You can find more information about CVE-2023-32365 on the Apple support website: [link](https://support.apple.com/en-us/HT213757) and [link](https://support.apple.com/en-us/HT213765).
- agent/type
- agent/first-publish-date
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/event
- agent/weakness
- agent/description
- agent/author
- collector/apple-support
- source/Apple
- alias/CVE-2023-32392
- alias/CVE-2023-32372
- alias/CVE-2023-32384
- alias/CVE-2023-32354
- alias/CVE-2023-32420
- alias/CVE-2023-27930
- alias/CVE-2023-32398
- alias/CVE-2023-32413
- alias/CVE-2023-32352
- alias/CVE-2023-29469
- alias/CVE-2023-42869
- alias/CVE-2023-32428
- alias/CVE-2023-32407
- alias/CVE-2023-32368
- alias/CVE-2023-32403
- alias/CVE-2023-32437
- alias/CVE-2023-32385
- alias/CVE-2023-32365
- alias/CVE-2023-32390
- alias/CVE-2023-32357
- alias/CVE-2023-32367
- alias/CVE-2023-32432
- alias/CVE-2023-32391
- alias/CVE-2023-32404
- alias/CVE-2023-32394
- alias/CVE-2023-32422
- alias/CVE-2023-32376
- alias/CVE-2023-28202
- alias/CVE-2023-32412
- alias/CVE-2023-32408
- alias/CVE-2023-32415
- alias/CVE-2023-32402
- alias/CVE-2023-32423
- alias/CVE-2023-32409
- alias/CVE-2023-28204
- alias/CVE-2023-32373
- alias/CVE-2023-32389
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- alias/CVE-2023-34352
- alias/CVE-2023-32425
- alias/CVE-2023-32411
- alias/CVE-2023-32371
- alias/CVE-2023-32419
- alias/CVE-2023-32399
- alias/CVE-2023-28191
- alias/CVE-2023-32400
- agent/references
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- collector/nvd-index
- vendor/apple
- canonical/apple ios, ipados, and watchos
- version/apple ios, ipados, and watchos/16.0
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/16.0