Improper Authentication in watchOS - CVE-2023-40418

 

Improper Authentication in watchOS - CVE-2023-40418

Published: September 27, 2023


Vulnerability identifier: #VU81215
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-40418
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
watchOS

Detailed vulnerability description

The vulnerability allows an attacker to bypass authentication process.

The vulnerability exists in the Passcode feature due to Apple Watch Ultra may not lock when using the Depth app. An attacker with physical access to device can gain unauthorized access to the system.


How to mitigate CVE-2023-40418

Install updates from vendor's website.

Sources