#VU82409 State Issues in Apple iOS and iPadOS - CVE-2023-40408
Published: October 25, 2023
Vulnerability identifier: #VU82409
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-40408
CWE-ID: CWE-371
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
iPadOS
Apple iOS
iPadOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an inconsistent user interface issue in My Drafts feature, which can unexpectedly deactivate the Hide My Email option. A remote attacker can gain access to potentially sensitive information.
Remediation
Install updates from vendor's website.