Main Vulnerability Database Exploits ID:9364 - Exploit for UNIX symbolic link following in macOS - CVE-2023-38571

ID:9364 - Exploit for UNIX symbolic link following in macOS - CVE-2023-38571

Published: September 28, 2023

Vulnerability identifier: #VU78769

Vulnerability risk: Low

CVE-ID: CVE-2023-38571

CWE-ID: CWE-61

Exploitation vector: Local access

Vulnerable software:
macOS

Link to public exploit:

https://github.com/gergelykalman/CVE-2023-38571-a-macOS-TCC-bypass-in-Music-and-TV

Vulnerability description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a symlink following issue within the Music component. A local application can create a specially crafted symbolic link to a critical file on the system and bypass Privacy preferences.

Remediation

Install updates from vendor's website.

ID:9364 - Exploit for UNIX symbolic link following in macOS - CVE-2023-38571

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human