First published: Thu May 18 2023(Updated: )
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: Adam M. Kirin @Pwnrin Mickey Jin @patch1t Sergii Kryvoblotskyi MacPaw IncABC Research s.r.o. James Duffy (mangoSecure) Gerhard Muth Dimitrios Tatsis Cisco TalosZitong Wu (吴梓桐) Zhuhai NoMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiativehou xuewei vmk msu @p1ay8y3ar CertiK SkyFall Team Pinauten GmbHLinus Henze Pinauten GmbH08Tc3wBB JamfAdam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroJonathan Bar Or MicrosoftAnurag Bohra Microsoft MicrosoftMichael Pearse MicrosoftThijs Alkemade @xnyhps Computest Sector 7Gergely Kalman @gergely_kalman Michael DePlante @izobashi Trend Micro Zero Day InitiativeThijs Alkemade Computest Sector 7Jonathan Fritz Arsenii Kostromin (0x3c3e) Julian Szulc Holger Fuhrmannek Deutsche Telekom Security GmbH on behalf of BSIYiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityWenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit CVE-2023-22809 Satish Panduranga Ivan Fratric Google Project ZeroWojciech Regula SecuRingIgnacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty InternationalPan ZhenPeng @Peterpan0927 STAR Labs SG PteMohamed GHANNAM @_simo36 Amat Cama Vigilant Labs Google Project ZeroJiwon Park product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS | <16.5 | 16.5 |
Apple iPadOS | <16.5 | 16.5 |
Apple macOS | <13.4 | 13.4 |
watchOS | <9.5 | 9.5 |
Apple iPadOS | <16.5 | |
Apple iPhone OS | <16.5 | |
Apple macOS | >=13.0<13.4 | |
tvOS | <16.5 | |
watchOS | <9.5 | |
tvOS | <16.5 | 16.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2023-32399.
The severity of CVE-2023-32399 is medium with a severity value of 5.5.
CVE-2023-32399 affects iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4.
An app may be able to read sensitive location information due to CVE-2023-32399.
CVE-2023-32399 was fixed with improved handling of caches in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4.