CVE-2023-27963

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

History

27 Jul 2023, 04:15

Type Values Removed Values Added
Summary The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
References
  • {'url': 'http://seclists.org/fulldisclosure/2023/May/7', 'name': '20230529 APPLE-SA-2023-03-27-2 iOS 15.7.4 and iPadOS 15.7.4', 'tags': [], 'refsource': 'FULLDISC'}
  • {'url': 'https://support.apple.com/kb/HT213674', 'name': 'https://support.apple.com/kb/HT213674', 'tags': [], 'refsource': 'CONFIRM'}
  • (MISC) https://support.apple.com/en-us/HT213674 -

09 Jun 2023, 00:15

Type Values Removed Values Added
References
  • (CONFIRM) https://support.apple.com/kb/HT213674 -

30 May 2023, 05:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2023/May/7 -

19 May 2023, 16:15

Type Values Removed Values Added
Summary The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user

15 May 2023, 15:55

Type Values Removed Values Added
CPE cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
First Time Apple iphone Os
Apple ipad Os
Apple
Apple macos
Apple watchos
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE NVD-CWE-noinfo
References (MISC) https://support.apple.com/en-us/HT213673 - (MISC) https://support.apple.com/en-us/HT213673 - Vendor Advisory
References (MISC) https://support.apple.com/en-us/HT213677 - (MISC) https://support.apple.com/en-us/HT213677 - Vendor Advisory
References (MISC) https://support.apple.com/en-us/HT213670 - (MISC) https://support.apple.com/en-us/HT213670 - Vendor Advisory
References (MISC) https://support.apple.com/en-us/HT213676 - (MISC) https://support.apple.com/en-us/HT213676 - Vendor Advisory
References (MISC) https://support.apple.com/en-us/HT213678 - (MISC) https://support.apple.com/en-us/HT213678 - Vendor Advisory

08 May 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-08 20:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-27963

Mitre link : CVE-2023-27963

CVE.ORG link : CVE-2023-27963


JSON object : View

Products Affected

apple

  • watchos
  • macos
  • iphone_os
  • ipad_os