Main Vulnerability Database Vulnerabilities #VU84759

Missing Authorization in macOS - CVE-2023-40393

Published: December 26, 2023

Vulnerability identifier: #VU84759

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-40393

CWE-ID: CWE-862

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
macOS

Detailed vulnerability description

The vulnerability allows an attacker to gain unauthorized access to photos.

The vulnerability exists due to missing authorization in Photos. An attacker with physical access to device can view photos in the Hidden Photos Album.

How to mitigate CVE-2023-40393

Install updates from vendor's website.

Sources

https://support.apple.com/en-us/HT213940

Missing Authorization in macOS - CVE-2023-40393

Detailed vulnerability description

How to mitigate CVE-2023-40393

Sources

Please verify you're human