First published: Wed Oct 25 2023(Updated: )
Automation. The issue was addressed with improved checks.
Credit: Yiğit Can YILMAZ @yilmazcanyigit product-security@apple.com Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncMingxuan Yang @PPPF00L 360 Vulnerability Research Institute 360 Vulnerability Research Institutehappybabywu 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research InstituteCVE-2023-42946 이준성(Junsung Lee) Cross Republic이준성(Junsung Lee) Pedro Ribeiro @pedrib1337 Agile Information SecurityVitor Pedreira @0xvhp_ Agile Information SecurityKirin @Pwnrin SecuRingWojciech Regula SecuRing Computer ScienceCristian Dinca Computer ScienceRomania Bistrit Dahal JZ Linus Henze Pinauten GmbHMickey Jin @patch1t Grzegorz Riegel Adam M. Csaba Fitzl @theevilbit Offensive SecurityMichael (Biscuit) Thomas - @social.lol @biscuit CVE-2023-42823 an anonymous researcher inooo Adis Alic Sam Lakmaker Ting Ding James Mancz Omar Shibli Lorenzo Cavallaro Harry Lewandowski Kacper Kwapisz @KKKas_ Abhay Kailasia @abhay_kailasia Lakshmi Narain College Of Technology Bhopal IndiaPeter Nguyễn Vũ Hoàng @peternguyen14 STAR Labs SG PteZhipeng Huo @R3dF09 Tencent Security Xuanwu LabNoah Roskin-Frazee Pr Tomi Tokics @tomitokics iTomsn0w
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <14.1 | 14.1 |
tvOS | <17.1 | 17.1 |
Apple iOS, iPadOS, and watchOS | <10.1 | 10.1 |
iPadOS | <17.1 | |
iPhone OS | <17.1 | |
macOS | =14.0 | |
tvOS | <17.1 | |
Apple iOS, iPadOS, and watchOS | <10.1 | |
Apple iOS and iPadOS | <17.1 | 17.1 |
Apple iOS, iPadOS, and macOS | <17.1 | 17.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2023-42839 allows apps to potentially access sensitive user data, indicating a moderate to high severity of the vulnerability.
To address CVE-2023-42839, update your devices to iOS 17.1, iPadOS 17.1, tvOS 17.1, watchOS 10.1, or macOS Sonoma 14.1.
CVE-2023-42839 affects devices running iOS versions below 17.1, iPadOS versions below 17.1, tvOS versions below 17.1, as well as watchOS below 10.1 and macOS versions below 14.1.
CVE-2023-42839 is a sandbox issue related to improper state management in affected Apple operating systems.
No, CVE-2023-42839 is not fixed in earlier versions; it requires the latest updates to ensure protection.