CVE-2023-41975
First published: Wed Oct 25 2023(Updated: )
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown.
Credit: an anonymous researcher an anonymous researcher an anonymous researcher product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Ventura | <13.6.1 | 13.6.1 |
| Apple macOS Monterey | <12.7.1 | 12.7.1 |
| Apple macOS Sonoma | <14.1 | 14.1 |
| Apple macOS | >=12.0.0<12.7.1 | |
| Apple macOS | >=13.0<13.6.1 | |
| Apple macOS | >=14.0<14.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213983 (Advisory)
- https://support.apple.com/en-us/HT213984 (Advisory)
- https://support.apple.com/en-us/HT213985 (Advisory)
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213985
- https://support.apple.com/kb/HT213983
- http://seclists.org/fulldisclosure/2023/Oct/21
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/26
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40449
- CVE-2023-42823
- CVE-2023-42854
- CVE-2023-40413
- CVE-2023-42844
- CVE-2023-41077
- CVE-2023-40416
- CVE-2023-42848
- CVE-2023-40423
- CVE-2023-38403
- CVE-2023-42849
- CVE-2023-40446
- CVE-2023-42942
- CVE-2023-42856
- CVE-2023-42859
- CVE-2023-42877
- CVE-2023-42840
- CVE-2023-42889
- CVE-2023-42853
- CVE-2023-42860
- CVE-2023-40401
- CVE-2023-42841
- CVE-2023-42873
- CVE-2023-36191
- CVE-2023-40421
- CVE-2023-41254
- CVE-2023-41975
- CVE-2023-42858
- CVE-2023-42952
- CVE-2023-40425
- CVE-2023-30774
- CVE-2023-40444
- CVE-2023-42945
- CVE-2023-41072
- CVE-2023-42857
- CVE-2023-41989
- CVE-2023-42834
- CVE-2023-42953
- CVE-2023-42850
- CVE-2023-42861
- CVE-2023-42935
- CVE-2023-40408
- CVE-2023-40405
- CVE-2023-28826
- CVE-2023-40404
- CVE-2023-42847
- CVE-2023-42845
- CVE-2023-42838
- CVE-2023-42835
- CVE-2023-41977
- CVE-2023-42438
- CVE-2023-42836
- CVE-2023-42839
- CVE-2023-42878
- CVE-2023-41982
- CVE-2023-41997
- CVE-2023-41988
- CVE-2023-42946
- CVE-2023-42842
- CVE-2023-4733
- CVE-2023-4734
- CVE-2023-4735
- CVE-2023-4736
- CVE-2023-4738
- CVE-2023-4750
- CVE-2023-4751
- CVE-2023-4752
- CVE-2023-4781
- CVE-2023-40447
- CVE-2023-41976
- CVE-2023-42852
- CVE-2023-42843
- CVE-2023-41983
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-41975.
What is the severity of CVE-2023-41975?
The severity of CVE-2023-41975 is not specified.
How can a website access the microphone without the microphone use indicator being shown?
A website can access the microphone without the microphone use indicator being shown due to this vulnerability in WindowServer.
How was this vulnerability addressed?
This vulnerability was addressed by removing the vulnerable code.
Which versions of macOS are fixed for this vulnerability?
This vulnerability is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1.
- collector/mitre-cve
- collector/nvd-api
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/last-modified-date
- agent/tags
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- vendor/apple
- canonical/apple macos
- version/apple macos/12.0.0
- version/apple macos/13.0
- version/apple macos/14.0
- canonical/apple macos ventura
- canonical/apple macos monterey
- canonical/apple macos sonoma