Rewterz Threat Advisory – Multiple Apple Safari Vulnerabilities
October 27, 2023
Rewterz Threat Advisory – Multiple Apple macOS Vulnerabilities
October 27, 2023
Severity
Medium
Analysis Summary
CVE-2023-40413 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by an issue in the Find My component. By using a specially crafted application, an attacker could exploit this vulnerability to read sensitive location information.
CVE-2023-42849 CVSS:5.5
Apple watchOS could allow a local attacker to bypass security restrictions, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to bypass kernel memory mitigations.
CVE-2023-40408 CVSS:5.5
Apple watchOS could allow a local attacker to bypass security restrictions, caused by an inconsistent user interface issue in the Mail Drafts component. By using a specially crafted application, an attacker could exploit this vulnerability to deactivate Hide My Email unexpectedly.
CVE-2023-42846 CVSS:5.5
Apple watchOS could allow a local attacker to bypass security restrictions, caused by an issue in the mDNSResponder component. By using a specially crafted application, an attacker could exploit this vulnerability to passively track a device by its Wi-Fi MAC address.
CVE-2023-41982 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.
CVE-2023-41997 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.
CVE-2023-41988 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.
CVE-2023-41254 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Weather component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.
Impact
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-40413
- CVE-2023-42849
- CVE-2023-40408
- CVE-2023-42846
- CVE-2023-41982
- CVE-2023-41997
- CVE-2023-41988
- CVE-2023-41254
Affected Vendors
Apple
Affected Products
- Apple watchOS 10.0.0
Remediation
Refer to the Apple Security Advisory for patch, upgrade, or suggested workaround information.