Login Sign Up

CVE-2023-32357

7.1 HIGH

📋 TL;DR

This CVE describes an authorization vulnerability in Apple operating systems where applications can retain access to system configuration files even after their permissions have been revoked. This affects users of iOS, iPadOS, macOS, watchOS, and tvOS who have installed potentially malicious applications that were granted and then revoked access to sensitive files.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • watchOS
  • tvOS
Versions: Versions prior to iOS 16.5, iPadOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, watchOS 9.5, tvOS 16.5
Operating Systems: Apple iOS, Apple iPadOS, Apple macOS, Apple watchOS, Apple tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations are vulnerable. The vulnerability affects the permission revocation mechanism across multiple Apple operating systems.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious application could persistently access and potentially modify critical system configuration files, leading to system compromise, data exfiltration, or privilege escalation.

🟠

Likely Case

Applications that were previously granted and revoked access could continue reading sensitive system configuration data, potentially exposing device information or user preferences.

🟢

If Mitigated

With proper application vetting and security controls, the impact is limited to applications that have already been identified as suspicious and had permissions revoked.

🌐 Internet-Facing: LOW - This vulnerability requires local application execution and does not directly expose services to internet-based attacks.
🏢 Internal Only: MEDIUM - The risk is primarily from installed applications, which could be introduced through various internal vectors including app stores, sideloading, or enterprise deployment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious application to be installed and granted permissions, then have those permissions revoked while maintaining access. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 16.5, iPadOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, watchOS 9.5, tvOS 16.5

Vendor Advisory: https://support.apple.com/en-us/HT213757

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences. 2. Navigate to Software Update. 3. Download and install the latest available update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Application Permission Review

all

Review and remove unnecessary applications, especially those with file access permissions

Restrict Application Installation

all

Limit application installation to trusted sources only through MDM or parental controls

🧯 If You Can't Patch

  • Remove any applications that have been granted file access permissions and are no longer needed
  • Implement application allowlisting through MDM solutions to control which applications can run

🔍 How to Verify

Check if Vulnerable:

Check the operating system version in Settings > General > About (iOS/iPadOS) or About This Mac (macOS)

Check Version:

sw_vers (macOS) or Settings > General > About > Version (iOS/iPadOS)

Verify Fix Applied:

Verify the operating system version matches or exceeds the patched versions listed in the fix information

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns by applications after permission revocation
  • Applications accessing system configuration files without current permissions

Network Indicators:

  • This is primarily a local vulnerability with minimal network indicators

SIEM Query:

Look for file access events from applications that should not have current permissions, focusing on system configuration directories

📊 Metadata

CVE ID: CVE-2023-32357
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE: CWE-125
Published: June 23, 2023
Last Updated: December 5, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-32357, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)