Severity
High
Analysis Summary
CVE-2023-23520 CVSS:5.5
Apple iOS, iPadOS and macOS Ventura could allow a local attacker to obtain sensitive information, caused by a race condition in the Crash Reporter component. By using a specially crafted application, an attacker could exploit this vulnerability to read arbitrary files as root.
CVE-2023-23531 CVSS:7.8
Apple iOS, iPadOS and macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an error in the Foundation component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code out of its sandbox or with certain elevated privileges.
CVE-2023-23530 CVSS:7.8
Apple iOS, iPadOS and macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an error in the Foundation component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code out of its sandbox or with certain elevated privileges.
Impact
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-23520
- CVE-2023-23531
- CVE-2023-23530
Affected Vendors
Apple
Affected Products
- Apple iOS 16.2
- Apple iPadOS 16.2
- Apple macOS Ventura 13.1
Remediation
Refer to Apple Security Advisory for patch, upgrade or suggested workaround information.