CVE-2023-42844

Summary

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.

Affected Software

VendorProductVersion RangeStatus
ApplemacOSunspecified < 14.1affected
ApplemacOSunspecified < 13.6affected
ApplemacOSunspecified < 12.7affected

Weaknesses

  • A website may be able to access sensitive user data when resolving symlinks

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References