CVE-2023-42947

Published: Mar 28, 2024Modified: Nov 4, 2025

8.6

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 6.0

Source: NVD

Description

A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.

Affected (7)

Products: Apple: Ipados, Iphone Os, Macos, Tvos, Watchos

5 products

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.2
Apple Iphone Os	Before 17.2
Apple Macos	From 12.0 to 12.7.2
Apple Macos	From 13.0 to 13.6.3
Apple Macos	From 14.0 to 14.2
Apple Tvos	Before 17.2
Apple Watchos	Before 10.2

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (16)

https://support.apple.com/en-us/HT214035

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214036

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214037

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214038

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214040

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214041

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214035

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214036

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214037

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214038

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214040

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214041

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/kb/HT214036

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214037

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214040

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214041

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.