What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2023-40401.

What is the impact of vulnerability CVE-2023-40401?

The impact of vulnerability CVE-2023-40401 is that an attacker may be able to access passkeys without authentication.

What software versions are affected by CVE-2023-40401?

CVE-2023-40401 affects macOS Ventura versions up to but excluding 13.6.1.

How was vulnerability CVE-2023-40401 addressed?

Vulnerability CVE-2023-40401 was addressed with additional permissions checks.

Where can I find more information about vulnerability CVE-2023-40401?

You can find more information about vulnerability CVE-2023-40401 at the following references: [Support Article](https://support.apple.com/en-us/HT213985), [Security Mailing List](http://seclists.org/fulldisclosure/2023/Oct/26), [Apple Knowledge Base Article](https://support.apple.com/kb/HT213985).

Vulnerability/
CVE-2023-40401

high

7.5

CWE

306

18/9/2023

25/10/2023

24/4/2024

CVE-2023-40401

First published: Mon Sep 18 2023(Updated: )

Passkeys. The issue was addressed with additional permissions checks.

Credit: an anonymous researcher weize she weize she an anonymous researcher weize she an anonymous researcher an anonymous researcher weize she product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iOS	<16.7	16.7
Apple iPadOS	<16.7	16.7
Apple iOS	<17	17
Apple iPadOS	<17	17
	<14	14
Apple macOS Ventura	<13.6.1	13.6.1
	>=13.0<13.6.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2023-40448
CVE-2023-38612
CVE-2023-41232
CVE-2023-40420
CVE-2023-40438
CVE-2023-40395
CVE-2023-41984
CVE-2023-41981
CVE-2023-41992
CVE-2023-41073
CVE-2023-40454
CVE-2023-40403
CVE-2023-41068
CVE-2023-40401
CVE-2023-41063
CVE-2023-35990
CVE-2023-41991
CVE-2023-41070
CVE-2023-41993
CVE-2023-40384
CVE-2023-32377
CVE-2023-38615
CVE-2023-42929
CVE-2023-42872
CVE-2023-40432
CVE-2023-42871
CVE-2023-40399
CVE-2023-40410
CVE-2023-32361
CVE-2023-35984
CVE-2023-40402
CVE-2023-40426
CVE-2023-42876
CVE-2023-41065
CVE-2023-29497
CVE-2023-38596
CVE-2023-40406
CVE-2023-40528
CVE-2023-41994
CVE-2023-40407
CVE-2023-32396
CVE-2023-42933
CVE-2023-41980
CVE-2023-40411
CVE-2023-40391
CVE-2023-40441
CVE-2023-23495
CVE-2023-40434
CVE-2023-38586
CVE-2023-40436
CVE-2023-41995
CVE-2023-42870
CVE-2023-40429
CVE-2023-41060
CVE-2023-41067
CVE-2023-40400
CVE-2023-40427
CVE-2023-32421
CVE-2023-42826
CVE-2023-41986
CVE-2023-40455
CVE-2023-40386
CVE-2023-38408
CVE-2023-40393
CVE-2023-42934
CVE-2023-37448
CVE-2023-38607
CVE-2023-41987
CVE-2023-40422
CVE-2023-39233
CVE-2023-40388
CVE-2023-40417
CVE-2023-40452
CVE-2023-40430
CVE-2023-41996
CVE-2023-41078
CVE-2023-40541
CVE-2023-41079
CVE-2023-40443
CVE-2023-41968
CVE-2023-40450
CVE-2023-40424
CVE-2023-39434
CVE-2023-40414
CVE-2023-41074
CVE-2023-35074
CVE-2023-32359
CVE-2023-40385
CVE-2023-42833
CVE-2023-38610
CVE-2023-41066
CVE-2023-41979
CVE-2023-40529
CVE-2023-41174
CVE-2023-40409
CVE-2023-40412
CVE-2023-41071
CVE-2023-41069
CVE-2023-40431
CVE-2023-41974
CVE-2023-40456
CVE-2023-40520
CVE-2023-40419
CVE-2023-40428
CVE-2023-40449
CVE-2023-42823
CVE-2023-42854
CVE-2023-40413
CVE-2023-42844
CVE-2023-41077
CVE-2023-40416
CVE-2023-42848
CVE-2023-40423
CVE-2023-38403
CVE-2023-42849
CVE-2023-40446
CVE-2023-42942
CVE-2023-42856
CVE-2023-42859
CVE-2023-42877
CVE-2023-42840
CVE-2023-42889
CVE-2023-42853
CVE-2023-42860
CVE-2023-42841
CVE-2023-42873
CVE-2023-36191
CVE-2023-40421
CVE-2023-41254
CVE-2023-41975
CVE-2023-42858

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-40401.
What is the impact of vulnerability CVE-2023-40401?
The impact of vulnerability CVE-2023-40401 is that an attacker may be able to access passkeys without authentication.
What software versions are affected by CVE-2023-40401?
CVE-2023-40401 affects macOS Ventura versions up to but excluding 13.6.1.
How was vulnerability CVE-2023-40401 addressed?
Vulnerability CVE-2023-40401 was addressed with additional permissions checks.
Where can I find more information about vulnerability CVE-2023-40401?
You can find more information about vulnerability CVE-2023-40401 at the following references: [Support Article](https://support.apple.com/en-us/HT213985), [Security Mailing List](http://seclists.org/fulldisclosure/2023/Oct/26), [Apple Knowledge Base Article](https://support.apple.com/kb/HT213985).

collector/mitre-cve
agent/type
agent/first-publish-date
agent/references
agent/severity
agent/author
agent/weakness
agent/softwarecombine
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/apple-support
source/Apple
agent/software-canonical-lookup-request
agent/description
agent/last-modified-date
agent/tags
vendor/apple
canonical/apple macos
version/apple macos/13.0
canonical/apple ios
canonical/apple ipados
canonical/apple macos sonoma
canonical/apple macos ventura

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.