What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2023-40400.

What is the affected software?

The affected software includes Apple tvOS up to version 17, Apple iOS up to version 17, Apple iPadOS up to version 17, Apple watchOS up to version 10, and Apple macOS Sonoma up to version 14.

What improvement was made to address this issue?

This issue was addressed with improved checks.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the following Apple support pages: [link1], [link2], [link3].

How can I fix this vulnerability?

To fix this vulnerability, update your Apple devices to the latest versions mentioned for each affected software.

Vulnerability/
CVE-2023-40400

critical

9.8

CWE

119 20 362 416

24/7/2023

26/9/2023

19/8/2024

CVE-2023-40400: Buffer Overflow

First published: Mon Jul 24 2023(Updated: )

Airport. A permissions issue was addressed with improved redaction of sensitive information.

Credit: Sei K. Cristian Dinca Computer ScienceRomania JeongOhKyea Theori이준성(Junsung Lee) Cross RepublicKirin @Pwnrin NorthSeaWojciech Regula SecuRingHalle Winkler Politepix @hallewinkler Mickey Jin @patch1t Noah Roskin-Frazee Professor Jason Lau (ZeroClicks.ai Lab) Noah Roskin-Frazee Offensive SecurityPr Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityAntonio Zekic @antoniozekic Dataflow SecurityRon Masas ImpervaMurray Mike Mikko Kenttälä ) @Turmio_ SensorFuYiğit Can YILMAZ @yilmazcanyigit Certik Skyfall Team Certik Skyfall Team Ant Security Light Ant Security Lightpattern-f @pattern_F_ Ant Security LightZweig Kunlun LabLinus Henze Pinauten GmbHPan ZhenPeng @Peterpan0927 STAR Labs SG PteMichael (Biscuit) Thomas 张师傅(@京东蓝军) Joseph Ravichandran @0xjprx MIT CSAILFerdous Saljooki @malwarezoo Jamf Softwarean anonymous researcher Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabDohyun Lee @l33d0hyun PK SecurityAdam M. SecuRing SecuRingAdam M. BreakPoint Security Research BreakPoint Security ResearchRon Masas BreakPoint Security ResearchMeng Zhang (鲸落) NorthSeaBrian McNulty Texts TextsKishan Bagaria TextsMichael DePlante @izobashi Trend Micro Zero Day InitiativeGergely Kalman @gergely_kalman Kirin @Pwnrin baba yaga weize she Berke Kırbaş Harsh Jaiswal Serkan Erayabakan George Mason UniversityDavid Kotval George Mason UniversityAkincibor George Mason UniversitySina Ahmadi George Mason UniversityBilly Tabrizi Kirin @Pwnrin SecuRingTomi Tokics @tomitokics iTomsn0wLuan Herrera @lbherrera_ Adriatik Raci Sentry CybersecurityNarendra Bhati (twitter.com/imnarendrabhati) Suma Soft PvtPune (India) Noah Roskin-Frazee (ZeroClicks.ai Lab) James Duffy (mangoSecure) Ron Masas BreakPointJames Hutchins Thijs Alkemade @xnyhps Computest Sector 7Andrew Haggard Arsenii Kostromin (0x3c3e) Offensive SecurityJoshua Jewett @JoshJewett33 Offensive SecurityFrancisco Alonso @revskills PK Security PK SecurityFrancisco Alonso @revskills Jie Ding @Lime HKUS3 LabAjou University Abysslab Dong Jun Kim @smlijun Jong Seong Kim @nevul37 Bill Marczak The Citizen Lab at The University of Toronto's Munk SchoolMaddie Stone Google's Threat Analysis GroupClaire Houston Anonymous Dong Jun Kim @smlijun AbyssLab AbyssLabJong Seong Kim @nevul37 AbyssLabWang Yu CyberservalAn anonymous researcher MacEnhanceJeremy Legendre MacEnhanceFelix Kratz Koh M. Nakagawa @tsunek0h Adam M. Yishu Wang Will Brattain at Trail Bitszer0k Mohamed GHANNAM @_simo36 Tim Michaud @TimGMichaud MoveworksWojciech Reguła @_r3ggi Chris Ross (Zoom) ABC Research s.r.o. w0wbox product-security@apple.com

Affected Software	Affected Version	How to fix
Apple macOS	<14	14
watchOS	<10	10
tvOS	<17	17
Apple iOS	<16.6	16.6
iPadOS	<16.6	16.6
Apple iOS	<17	17
iPadOS	<17	17
iPadOS	<16.6
Apple iPhone OS	<16.6
Apple macOS	<14.0
tvOS	<17.0
watchOS	<10.0
iPadOS	<17.0
Apple iPhone OS	<17.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2023-40384
CVE-2023-32377
CVE-2023-38615
CVE-2023-40448
CVE-2023-40432
CVE-2023-42871
CVE-2023-40399
CVE-2023-40410
CVE-2023-42872
CVE-2023-42929
CVE-2023-42925
CVE-2023-38612
CVE-2023-32361
CVE-2023-35984
CVE-2023-40402
CVE-2023-40426
CVE-2023-42876
CVE-2023-41065
CVE-2023-29497
CVE-2023-38596
CVE-2023-42943
CVE-2023-40406
CVE-2023-40420
CVE-2023-40528
CVE-2023-40438
CVE-2023-41994
CVE-2023-40407
CVE-2023-32396
CVE-2023-42933
CVE-2023-41980
CVE-2023-40411
CVE-2023-40395
CVE-2023-40391
CVE-2023-40441
CVE-2023-42959
CVE-2023-23495
CVE-2023-40434
CVE-2023-38586
CVE-2023-40436
CVE-2023-40396
CVE-2023-41995
CVE-2023-42870
CVE-2023-41981
CVE-2023-41984
CVE-2023-40429
CVE-2023-41060
CVE-2023-41067
CVE-2023-40400
CVE-2023-40454
CVE-2023-41073
CVE-2023-40403
CVE-2023-40427
CVE-2023-42957
CVE-2023-32421
CVE-2023-42826
CVE-2023-42918
CVE-2023-41986
CVE-2023-40455
CVE-2023-40386
CVE-2023-38408
CVE-2023-40401
CVE-2023-40393
CVE-2023-42949
CVE-2023-42934
CVE-2023-37448
CVE-2023-38607
CVE-2023-41987
CVE-2023-41063
CVE-2023-40422
CVE-2023-39233
CVE-2023-40388
CVE-2023-35990
CVE-2023-40417
CVE-2023-40452
CVE-2023-40430
CVE-2023-41996
CVE-2023-41078
CVE-2023-41070
CVE-2023-40541
CVE-2023-41079
CVE-2023-40443
CVE-2023-41968
CVE-2023-40450
CVE-2023-42948
CVE-2023-40424
CVE-2023-39434
CVE-2023-40414
CVE-2023-41074
CVE-2023-35074
CVE-2023-41993
CVE-2023-32359
CVE-2023-40385
CVE-2023-42833
CVE-2023-38610
CVE-2023-41066
CVE-2023-41979
CVE-2023-41174
CVE-2023-40409
CVE-2023-40412
CVE-2023-41071
CVE-2023-41068
CVE-2023-40418
CVE-2023-40456
CVE-2023-40520
CVE-2023-40419
CVE-2023-40442
CVE-2023-40439
CVE-2023-34425
CVE-2023-38136
CVE-2023-38580
CVE-2023-40392
CVE-2023-40437
CVE-2023-32416
CVE-2022-3970
CVE-2023-38590
CVE-2023-38598
CVE-2023-36495
CVE-2023-38604
CVE-2023-32734
CVE-2023-32441
CVE-2023-38261
CVE-2023-38424
CVE-2023-38425
CVE-2023-38606
CVE-2023-32381
CVE-2023-32433
CVE-2023-35993
CVE-2023-38410
CVE-2023-38603
CVE-2023-38565
CVE-2023-38593
CVE-2023-40394
CVE-2023-32437
CVE-2023-38605
CVE-2023-40397
CVE-2023-38599
CVE-2023-32445
CVE-2023-38592
CVE-2023-38572
CVE-2023-38594
CVE-2023-38595
CVE-2023-38600
CVE-2023-38611
CVE-2023-37450
CVE-2023-42866
CVE-2023-38597
CVE-2023-38133
CVE-2023-40529
CVE-2023-41232
CVE-2023-41069
CVE-2023-40431
CVE-2023-41974
CVE-2023-40428

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-40400.
What is the affected software?
The affected software includes Apple tvOS up to version 17, Apple iOS up to version 17, Apple iPadOS up to version 17, Apple watchOS up to version 10, and Apple macOS Sonoma up to version 14.
What improvement was made to address this issue?
This issue was addressed with improved checks.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the following Apple support pages: [link1], [link2], [link3].
How can I fix this vulnerability?
To fix this vulnerability, update your Apple devices to the latest versions mentioned for each affected software.

agent/type
agent/first-publish-date
agent/severity
collector/mitre-cve
source/MITRE
agent/trending
agent/source
collector/apple-support
source/Apple
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/references
agent/last-modified-date
agent/weakness
agent/description
agent/event
alias/CVE-2023-40406
alias/CVE-2023-40420
alias/CVE-2023-40528
alias/CVE-2023-40438
alias/CVE-2023-41994
alias/CVE-2023-40407
alias/CVE-2023-32396
alias/CVE-2023-42933
alias/CVE-2023-41980
alias/CVE-2023-40411
alias/CVE-2023-40395
alias/CVE-2023-40391
alias/CVE-2023-40441
alias/CVE-2023-42959
alias/CVE-2023-23495
alias/CVE-2023-40434
alias/CVE-2023-38586
alias/CVE-2023-40436
alias/CVE-2023-40396
alias/CVE-2023-41995
alias/CVE-2023-42870
alias/CVE-2023-41981
alias/CVE-2023-41984
alias/CVE-2023-40429
alias/CVE-2023-41060
alias/CVE-2023-41067
alias/CVE-2023-40400
alias/CVE-2023-40454
alias/CVE-2023-41073
alias/CVE-2023-40403
alias/CVE-2023-40427
alias/CVE-2023-42957
alias/CVE-2023-32421
alias/CVE-2023-42826
alias/CVE-2023-42918
alias/CVE-2023-41986
alias/CVE-2023-40455
alias/CVE-2023-40386
alias/CVE-2023-38408
alias/CVE-2023-40401
alias/CVE-2023-40393
alias/CVE-2023-42949
alias/CVE-2023-42934
alias/CVE-2023-37448
alias/CVE-2023-38607
alias/CVE-2023-41987
alias/CVE-2023-41063
alias/CVE-2023-40422
alias/CVE-2023-39233
alias/CVE-2023-40388
alias/CVE-2023-35990
alias/CVE-2023-40417
alias/CVE-2023-40452
alias/CVE-2023-40430
alias/CVE-2023-41996
alias/CVE-2023-41078
alias/CVE-2023-41070
alias/CVE-2023-40541
alias/CVE-2023-41079
alias/CVE-2023-40443
alias/CVE-2023-41968
alias/CVE-2023-40450
alias/CVE-2023-42948
alias/CVE-2023-40424
alias/CVE-2023-39434
alias/CVE-2023-40414
alias/CVE-2023-41074
alias/CVE-2023-35074
alias/CVE-2023-41993
alias/CVE-2023-32359
alias/CVE-2023-40385
alias/CVE-2023-42833
alias/CVE-2023-38610
alias/CVE-2023-41066
alias/CVE-2023-41979
alias/CVE-2023-41065
alias/CVE-2023-29497
alias/CVE-2023-38596
alias/CVE-2023-42943
alias/CVE-2023-35984
alias/CVE-2023-40402
alias/CVE-2023-40426
alias/CVE-2023-42876
alias/CVE-2023-42871
alias/CVE-2023-40399
alias/CVE-2023-40410
alias/CVE-2023-42872
alias/CVE-2023-42929
alias/CVE-2023-42925
alias/CVE-2023-38612
alias/CVE-2023-32361
alias/CVE-2023-38615
alias/CVE-2023-40448
alias/CVE-2023-40432
alias/CVE-2023-32377
agent/tags
agent/author
collector/nvd-api
collector/nvd-index
agent/softwarecombine
vendor/apple
canonical/apple macos
canonical/watchos
canonical/tvos
canonical/apple ios
canonical/ipados
canonical/apple iphone os