Information disclosure in macOS - CVE-2023-23498

 

Information disclosure in macOS - CVE-2023-23498

Published: January 23, 2023


Vulnerability identifier: #VU71447
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-23498
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
macOS

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in Mail Drafts implementation when forwarding emails. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account and lead to information disclosure.


How to mitigate CVE-2023-23498

Install updates from vendor's website.

Sources