CVE-2023-42846

Summary

This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.

Affected Software

VendorProductVersion RangeStatus
AppleiOS and iPadOSunspecified < 16.7affected
AppletvOSunspecified < 17.1affected
ApplewatchOSunspecified < 10.1affected
AppleiOS and iPadOSunspecified < 17.1affected

Weaknesses

  • A device may be passively tracked by its Wi-Fi MAC address

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References