Main Vulnerability Database Vulnerabilities #VU74084

#VU74084 Security features bypass in Apple iOS and iPadOS - CVE-2023-27943

Published: March 27, 2023

Vulnerability identifier: #VU74084

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-27943

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apple iOS
iPadOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improperly implemented security checks within the LaunchServices component, which can result in files downloaded from the internet not having the quarantine flag applied. A remote attacker can trick the victim to download and execute malicious file and compromise the affected system.

Remediation

Install updates from vendor's website.

External links

https://support.apple.com/en-us/HT213676

#VU74084 Security features bypass in Apple iOS and iPadOS - CVE-2023-27943

Description

Remediation

External links

Please verify you're human