Main Vulnerability Database Vulnerabilities #VU82418

Improper Authentication in Apple iOS and iPadOS - CVE-2023-42845

Published: October 25, 2023

Vulnerability identifier: #VU82418

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-42845

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
Apple iOS
iPadOS

Detailed vulnerability description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to missing authentication in Photos application. An attacker with physical access to device can view photos in the Hidden Photos Album without authentication.

How to mitigate CVE-2023-42845

Install updates from vendor's website.

Sources

https://support.apple.com/en-us/HT213982

Improper Authentication in Apple iOS and iPadOS - CVE-2023-42845

Detailed vulnerability description

How to mitigate CVE-2023-42845

Sources

Please verify you're human