Sandbox Bypass in Apple OS before 12.6.4/16.4
CVE-2023-40398 Published on July 29, 2024

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed process may be able to circumvent sandbox restrictions.

NVD

Vulnerability Analysis

CVE-2023-40398 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Products Associated with CVE-2023-40398

Want to know whenever a new CVE is published for Apple products? stack.watch will email you.

Apple macOS

Apple iOS

Apple iPadOS

Affected Versions

Apple macOS:

Version unspecified and below 13.3 is affected.

Apple iOS and iPadOS:

Version unspecified and below 16.4 is affected.

Apple macOS:

Version unspecified and below 12.6 is affected.

Apple macOS:

Version unspecified and below 11.7 is affected.

Exploit Probability

EPSS

0.15%

Percentile

34.73%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Sandbox Bypass in Apple OS before 12.6.4/16.4CVE-2023-40398 Published on July 29, 2024

Vulnerability Analysis

Products Associated with CVE-2023-40398

Affected Versions

Exploit Probability

Sandbox Bypass in Apple OS before 12.6.4/16.4
CVE-2023-40398 Published on July 29, 2024