State Issues in macOS - CVE-2023-28202
Published: May 18, 2023
Vulnerability identifier: #VU76346
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-28202
CWE-ID: CWE-371
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability may allow local application to bypass implemented security issues.
The vulnerability exists due to state management issue in System Settings. An app firewall setting may not take effect after exiting the Settings app.
How to mitigate CVE-2023-28202
Install updates from vendor's website.