First published: Wed Oct 25 2023(Updated: )
Automation. The issue was addressed with improved checks.
Credit: CVE-2023-42946 product-security@apple.com Bistrit Dahal Cristian Dinca Computer ScienceRomania 이준성(Junsung Lee) Cross Republic이준성(Junsung Lee) Pedro Ribeiro @pedrib1337 Agile Information SecurityVitor Pedreira @0xvhp_ Agile Information SecurityTalal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncMingxuan Yang @PPPF00L 360 Vulnerability Research Institute 360 Vulnerability Research Institutehappybabywu 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research InstituteYiğit Can YILMAZ @yilmazcanyigit Kirin @Pwnrin SecuRingWojciech Regula SecuRing Computer ScienceJZ Linus Henze Pinauten GmbHMickey Jin @patch1t Grzegorz Riegel Adam M. Csaba Fitzl @theevilbit Offensive SecurityMichael (Biscuit) Thomas - @social.lol @biscuit CVE-2023-42823 an anonymous researcher inooo Adis Alic Sam Lakmaker Ting Ding James Mancz Omar Shibli Lorenzo Cavallaro Harry Lewandowski Kacper Kwapisz @KKKas_ Abhay Kailasia @abhay_kailasia Lakshmi Narain College Of Technology Bhopal IndiaPeter Nguyễn Vũ Hoàng @peternguyen14 STAR Labs SG PteZhipeng Huo @R3dF09 Tencent Security Xuanwu LabNoah Roskin-Frazee Pr Tomi Tokics @tomitokics iTomsn0w
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <14.1 | 14.1 |
tvOS | <17.1 | 17.1 |
Apple iOS, iPadOS, and watchOS | <10.1 | 10.1 |
iPadOS | <17.1 | |
iPhone OS | <17.1 | |
macOS | =14.0 | |
tvOS | <17.1 | |
Apple iOS, iPadOS, and watchOS | <10.1 | |
Apple iOS and iPadOS | <17.1 | 17.1 |
Apple iOS, iPadOS, and macOS | <17.1 | 17.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2023-42946 has a high severity as it involves the potential leakage of sensitive user information.
To fix CVE-2023-42946, update your devices to tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, or iPadOS 17.1.
CVE-2023-42946 affects multiple Apple devices including iPhones, iPads, Macs, Apple TVs, and Apple Watches running specific versions of their operating systems.
Apple addressed CVE-2023-42946 in the software updates released for tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1.
CVE-2023-42946 represents an issue relating to the inadequate redaction of sensitive user information in Apple's software.