Missing Authorization in macOS - CVE-2023-40393
Published: December 26, 2023
Vulnerability identifier: #VU84759
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-40393
CWE-ID: CWE-862
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
macOS
macOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows an attacker to gain unauthorized access to photos.
The vulnerability exists due to missing authorization in Photos. An attacker with physical access to device can view photos in the Hidden Photos Album.
Remediation
Install updates from vendor's website.