CVE-2023-35990

Published: Sep 27, 2023Modified: Nov 4, 2025

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.

Affected (4)

Products: Apple: Ipados, Iphone Os, Macos, Watchos

4 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 16.7
Apple Iphone Os	Before 16.7
Apple Macos	Before 14.0
Apple Watchos	Before 10.0

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (20)

http://seclists.org/fulldisclosure/2023/Oct/3

Source: product-security@apple.com

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Oct/4

Source: product-security@apple.com

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Oct/8

Source: product-security@apple.com

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Oct/9

Source: product-security@apple.com

Mailing ListThird Party Advisory

https://support.apple.com/en-us/HT213927

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213937

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213938

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213940

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2023/Oct/3