CVE-2023-38565
First published: Mon Jul 24 2023(Updated: )
libxpc. A path handling issue was addressed with improved validation.
Credit: Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <16.6 | 16.6 |
| Apple iPadOS | <16.6 | 16.6 |
| Apple iOS | <15.7.8 | 15.7.8 |
| Apple iPadOS | <15.7.8 | 15.7.8 |
| <13.5 | 13.5 | |
| <12.6.8 | 12.6.8 | |
| Apple macOS Big Sur | <11.7.9 | 11.7.9 |
| Apple tvOS | <16.6 | 16.6 |
| Apple watchOS | <9.6 | 9.6 |
| Apple iPadOS | <15.7.8 | |
| Apple iPadOS | >=16.0<16.6 | |
| Apple iPhone OS | <15.7.8 | |
| Apple iPhone OS | >=16.0<16.6 | |
| Apple macOS | <11.7.9 | |
| Apple macOS | >=12.0<12.6.8 | |
| Apple macOS | >=13.0<13.5 | |
| Apple tvOS | <16.6 | |
| Apple watchOS | <9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213841 (Advisory)
- https://support.apple.com/en-us/HT213843 (Advisory)
- https://support.apple.com/en-us/HT213844 (Advisory)
- https://support.apple.com/en-us/HT213845 (Advisory)
- https://support.apple.com/en-us/HT213848 (Advisory)
- https://support.apple.com/kb/HT213842
- https://support.apple.com/kb/HT213846
- https://support.apple.com/en-us/HT213846 (Advisory)
- https://support.apple.com/kb/HT213845
- https://support.apple.com/en-us/HT213842 (Advisory)
- https://support.apple.com/kb/HT213841
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-38590
- CVE-2023-38598
- CVE-2023-36495
- CVE-2023-38604
- CVE-2023-32734
- CVE-2023-32441
- CVE-2023-38606
- CVE-2023-32381
- CVE-2023-32433
- CVE-2023-35993
- CVE-2023-38593
- CVE-2023-38565
- CVE-2023-38599
- CVE-2023-32445
- CVE-2023-38592
- CVE-2023-38572
- CVE-2023-38594
- CVE-2023-38595
- CVE-2023-38600
- CVE-2023-38611
- CVE-2023-37450
- CVE-2023-42866
- CVE-2023-38133
- CVE-2023-40442
- CVE-2023-34425
- CVE-2023-32364
- CVE-2023-35983
- CVE-2023-40392
- CVE-2023-34241
- CVE-2023-28319
- CVE-2023-28320
- CVE-2023-28321
- CVE-2023-28322
- CVE-2023-41990
- CVE-2023-36854
- CVE-2023-32418
- CVE-2023-38603
- CVE-2023-37285
- CVE-2023-38571
- CVE-2023-29491
- CVE-2023-38601
- CVE-2023-32444
- CVE-2023-2953
- CVE-2023-42829
- CVE-2023-38259
- CVE-2023-38602
- CVE-2023-42831
- CVE-2023-32443
- CVE-2023-42832
- CVE-2023-32422
- CVE-2023-32429
- CVE-2023-1801
- CVE-2023-2426
- CVE-2023-2609
- CVE-2023-2610
- CVE-2023-32416
- CVE-2023-40440
- CVE-2023-38421
- CVE-2023-38258
- CVE-2023-1916
- CVE-2023-32442
- CVE-2023-38605
- CVE-2023-40439
- CVE-2023-38616
- CVE-2023-38580
- CVE-2023-36862
- CVE-2023-42828
- CVE-2023-40437
- CVE-2022-3970
- CVE-2023-28200
- CVE-2023-38261
- CVE-2023-38424
- CVE-2023-38425
- CVE-2023-38410
- CVE-2023-38609
- CVE-2023-38564
- CVE-2023-32654
- CVE-2023-38608
- CVE-2023-40397
- CVE-2023-38597
- CVE-2023-38136
- CVE-2023-23540
- CVE-2023-32409
- CVE-2023-41995
- CVE-2023-40400
- CVE-2023-40394
- CVE-2023-32437
Frequently Asked Questions
What is CVE-2023-38565?
CVE-2023-38565 is a vulnerability in the libxpc library that allows an app to gain root privileges.
Which versions of Apple operating systems are affected by CVE-2023-38565?
CVE-2023-38565 affects iOS up to version 16.6, iPadOS up to version 16.6, macOS up to version 11.7.9, macOS Ventura up to version 13.5, and watchOS up to version 9.6.
What is the severity of CVE-2023-38565?
CVE-2023-38565 has a severity rating of 7.8 (high).
How can I fix CVE-2023-38565?
To fix CVE-2023-38565, update your Apple operating system to the latest available version.
Where can I find more information about CVE-2023-38565?
You can find more information about CVE-2023-38565 on the Apple support website.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-latest
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/tags
- agent/event
- agent/references
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple ipados
- version/apple ipados/16.0
- canonical/apple iphone os
- version/apple iphone os/16.0
- canonical/apple macos
- version/apple macos/12.0
- version/apple macos/13.0
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple macos big sur
- canonical/apple macos monterey
- canonical/apple macos ventura
- canonical/apple ios