CVE-2023-40385

Summary

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.

Affected Software

VendorProductVersion RangeStatus
AppleiOS and iPadOSunspecified < 17affected
AppleSafariunspecified < 17affected
ApplemacOSunspecified < 14affected

Weaknesses

  • A remote attacker may be able to view leaked DNS queries with Private Relay turned on

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References