#VU74084 Security features bypass in Apple iOS and iPadOS - CVE-2023-27943
Published: March 27, 2023
Vulnerability identifier: #VU74084
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-27943
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
iPadOS
Apple iOS
iPadOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improperly implemented security checks within the LaunchServices component, which can result in files downloaded from the internet not having the quarantine flag applied. A remote attacker can trick the victim to download and execute malicious file and compromise the affected system.
Remediation
Install updates from vendor's website.