Vulnerability Details : CVE-2023-40401
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication.
Products affected by CVE-2023-40401
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-40401
- EPSS score: 0.13% (probability of exploitation activity in the next 30 days)
- Percentile: ~48% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-40401
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2023-40401
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-40401
- https://support.apple.com/kb/HT213985
  About the security content of macOS Ventura 13.6.1 - Apple Support (Release Notes; Vendor Advisory)
- https://support.apple.com/kb/HT213940
  About the security content of macOS Sonoma 14 - Apple Support
- https://support.apple.com/kb/HT213927
  About the security content of iOS 16.7 and iPadOS 16.7 - Apple Support
- https://support.apple.com/en-us/HT213985
  About the security content of macOS Ventura 13.6.1 - Apple Support (Release Notes; Vendor Advisory)
- http://seclists.org/fulldisclosure/2023/Oct/26
  Full Disclosure: APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1 (Mailing List; Third Party Advisory)
- https://support.apple.com/kb/HT213938
  About the security content of iOS 17 and iPadOS 17 - Apple Support