CVE-2023-40393

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthorized access to photos in the Hidden Photos Album on Apple devices without proper authentication. It affects users of iOS, iPadOS, and macOS who have photos in the Hidden Photos Album. The issue was caused by improper state management in the authentication mechanism.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
Versions: Versions prior to iOS 17, iPadOS 17, and macOS Sonoma 14
Operating Systems: iOS, iPadOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with photos in the Hidden Photos Album. The vulnerability exists in the Photos app's authentication state management.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive photos intended to be hidden could be accessed by anyone with physical access to the device, potentially exposing private information, compromising personal security, or enabling blackmail.

🟠 Likely Case

Someone with brief physical access to an unlocked device could view hidden photos without the owner's knowledge, violating privacy expectations.

🟢 If Mitigated

With proper device passcodes and physical security controls, the risk is significantly reduced as the attacker would need both physical access and the device to be unlocked.

🌐 Internet-Facing: LOW - This is a local authentication bypass requiring physical device access.
🏢 Internal Only: MEDIUM - In environments where devices are shared or physical security is lax, unauthorized users could access hidden photos.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires physical access to the device and the Photos app to be accessible (device unlocked). No special tools or technical knowledge needed beyond basic device navigation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 17, iPadOS 17, macOS Sonoma 14

Vendor Advisory: https://support.apple.com/en-us/HT213940

Restart Required: Yes

Instructions:

1. Open Settings app.
2. Go to General > Software Update.
3. Download and install iOS 17/iPadOS 17/macOS Sonoma 14 or later.
4. Restart device when prompted.

🔧 Temporary Workarounds

Disable Hidden Photos Album

Platforms: all

Move photos out of the Hidden Photos Album to standard albums where they are not protected by the vulnerable authentication mechanism.

Enable Screen Time Restrictions

Platforms: all

Use Screen Time to restrict access to the Photos app entirely for unauthorized users.

🧯 If You Can't Patch

  • Ensure devices are never left unlocked and unattended
  • Use strong passcodes and enable automatic locking after short periods

🔍 How to Verify

Check if Vulnerable:

Check the device version in Settings > General > About. A device running a version earlier than iOS 17, iPadOS 17, or macOS Sonoma 14 is vulnerable if it has photos in the Hidden Photos Album.

Check Version:

Settings > General > About > Version (iOS/iPadOS) or Apple menu > About This Mac > macOS version

Verify Fix Applied:

After updating, verify that the version shows iOS 17/iPadOS 17/macOS Sonoma 14 or later. Test by locking the device and then attempting to access the Hidden Photos Album; it should prompt for authentication.

📡 Detection & Monitoring

Log Indicators:

  • No specific log indicators for this local authentication bypass

Network Indicators:

  • No network indicators - purely local exploit

SIEM Query:

Not applicable - local device issue without network traffic
