CVE-2023-40454

7.1 HIGH

📋 TL;DR

CVE-2023-40454 is a permissions-bypass vulnerability in Apple operating systems: an app may be able to delete files for which it does not have permission. It affects macOS, iOS, iPadOS, tvOS and watchOS, and a malicious app could use it to delete critical system or user files.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: Versions prior to macOS Ventura 13.6, tvOS 17, iOS 16.7, iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17, iPadOS 17, macOS Sonoma 14
Operating Systems: Apple macOS, Apple iOS, Apple iPadOS, Apple tvOS, Apple watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems are vulnerable until patched.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case: A malicious app could delete critical system files, user data, or configuration files, leading to system instability, data loss, or complete system compromise.

🟠 Likely Case: Malicious apps in app stores could delete user data or configuration files, potentially leading to data loss or privacy violations.

🟢 If Mitigated: With proper app sandboxing and security controls, impact would be limited to files within the app's designated sandbox area.

🌐 Internet-Facing: LOW - This vulnerability requires local app execution and is not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Malicious apps could be installed internally, but this requires user interaction or enterprise app deployment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed on the target system. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14

Vendor Advisory: https://support.apple.com/en-us/HT213982

Restart Required: Yes

Instructions:

1. Open System Settings (macOS) or Settings (iOS/iPadOS).
2. Navigate to General > Software Update.
3. Install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation (all platforms)

Only install apps from trusted sources like the official App Store and restrict installation of third-party apps.

Enable Gatekeeper (macOS)

Ensure Gatekeeper is enabled on macOS to verify app signatures before execution:

sudo spctl --master-enable

🧯 If You Can't Patch

  • Implement strict app installation policies and only allow apps from trusted sources
  • Use mobile device management (MDM) solutions to enforce security policies and app restrictions

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list. On macOS: System Settings > General > About. On iOS/iPadOS: Settings > General > About.

Check Version:

macOS: sw_vers -productVersion
iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version is equal to or newer than the patched versions listed in the fix information.
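The version comparison above is easy to get wrong by hand across four macOS release lines, so here is a small script that does it. This is an added example, not part of the advisory page: the patched versions are the ones listed under "Official Fix"; the function names, the use of `sw_vers -productVersion` to read the running version, and the treatment of release lines the advisory does not mention (older lines reported as not patched, newer lines as fixed) are this example's own assumptions.

```python
"""Check whether an Apple OS version is at or past the CVE-2023-40454 fix.

Added example, not code from the advisory page. Patched versions come from
the advisory's "Official Fix" list; everything else is an assumption.
"""
import subprocess

# First fixed version per product and major release line (from the advisory).
PATCHED = {
    "macOS":   {12: (12, 7), 13: (13, 6), 14: (14,)},
    "iOS":     {16: (16, 7), 17: (17,)},
    "iPadOS":  {16: (16, 7), 17: (17,)},
    "tvOS":    {17: (17,)},
    "watchOS": {10: (10,)},
}


def parse_version(text: str) -> tuple:
    """'13.6.1' -> (13, 6, 1). Non-numeric fragments (beta builds) raise ValueError."""
    return tuple(int(part) for part in text.strip().split("."))


def is_patched(product: str, version: str) -> bool:
    """True when `version` of `product` is at or beyond the first fixed build.

    Release lines older than the oldest line Apple patched (e.g. macOS 11) are
    reported as not patched: they received no fix, so the conservative answer
    is "vulnerable". Lines newer than the newest patched line are treated as
    fixed, since they ship after the fix. (Assumed policy, not from the advisory.)
    """
    lines = PATCHED[product]
    current = parse_version(version)
    major = current[0]
    if major in lines:
        # Tuple comparison handles patch levels: (13, 6, 1) >= (13, 6) is True.
        return current >= lines[major]
    return major > max(lines)


def current_macos_version() -> str:
    """Read the running macOS version, the same value `sw_vers -productVersion` prints."""
    out = subprocess.run(["sw_vers", "-productVersion"],
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


if __name__ == "__main__":
    version = current_macos_version()
    state = "patched" if is_patched("macOS", version) else "VULNERABLE"
    print(f"macOS {version}: {state} for CVE-2023-40454")
```

Run it on the Mac being checked; for iOS, iPadOS, tvOS and watchOS pass the version read from Settings to `is_patched` directly, since those platforms expose no shell.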

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file deletion events in system logs
  • App execution logs showing unauthorized file operations

Network Indicators:

  • No direct network indicators as this is a local vulnerability

SIEM Query:

source="apple_system_logs" AND (event="file_deletion" OR event="unlink") AND process_name NOT IN ("authorized_processes_list")
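The SIEM query above is a template with placeholder field names. Here is the same idea as runnable detection logic over sample deletion events, added as an example and not taken from the advisory page. The events are constructed for illustration and only loosely imitate the JSON-per-line output an Endpoint Security collector such as `eslogger unlink` produces; the field names, the allowlist and the protected-prefix policy are this example's assumptions and must be adapted to your own telemetry. Beyond the page's allowlist rule, it adds the check the "If Mitigated" section implies: a sandboxed app deleting anything outside its own container is flagged regardless of the target.

```python
"""Flag unlink (file deletion) events that cross a sandbox or protected-path
boundary, the "unexpected file deletion events" this advisory points at.

Added example, not code from the advisory page. Event shape, allowlist and
protected prefixes are assumptions; sample events are constructed.
"""
import json
from typing import Iterable

# Locations a non-system process should not be deleting from (assumed policy).
PROTECTED_PREFIXES = ("/System/", "/Library/", "/private/etc/", "/usr/", "/Applications/")

# Processes whose deletions are expected (assumed; derive from your own baseline).
DEFAULT_ALLOWLIST = frozenset({"/usr/sbin/softwareupdate", "/bin/rm"})


def classify(event: dict, allowlist=DEFAULT_ALLOWLIST):
    """Return a reason string if the deletion is suspicious, else None."""
    if event.get("event_type") != "unlink":
        return None  # only deletions matter here
    proc = event["process"]["path"]
    container = event["process"].get("container")  # sandbox data dir, if sandboxed
    target = event["target"]
    if proc in allowlist:
        return None
    if container:
        # A sandboxed app should only ever remove files inside its own container.
        if not target.startswith(container.rstrip("/") + "/"):
            return "sandboxed app deleted a file outside its container"
        return None
    if target.startswith(PROTECTED_PREFIXES):
        return "non-allowlisted process deleted a protected path"
    return None


def suspicious_deletions(lines: Iterable[str], allowlist=DEFAULT_ALLOWLIST):
    """Parse JSON-per-line events and return (process, target, reason) findings."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        reason = classify(event, allowlist)
        if reason:
            findings.append((event["process"]["path"], event["target"], reason))
    return findings


# Constructed sample telemetry (not real logs); paths and bundle names are made up.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"event_type": "unlink",
     "process": {"path": "/Applications/NoteTaker.app/Contents/MacOS/NoteTaker",
                 "container": "/Users/alice/Library/Containers/com.example.notetaker/Data"},
     "target": "/Users/alice/Library/Containers/com.example.notetaker/Data/tmp/draft.txt"},
    {"event_type": "unlink",
     "process": {"path": "/Applications/NoteTaker.app/Contents/MacOS/NoteTaker",
                 "container": "/Users/alice/Library/Containers/com.example.notetaker/Data"},
     "target": "/Users/alice/Documents/taxes-2023.pdf"},
    {"event_type": "unlink",
     "process": {"path": "/usr/sbin/softwareupdate"},
     "target": "/Library/Updates/stale.plist"},
    {"event_type": "unlink",
     "process": {"path": "/Users/alice/Downloads/FreeCleaner.app/Contents/MacOS/FreeCleaner"},
     "target": "/Library/Preferences/com.example.settings.plist"},
    {"event_type": "open",
     "process": {"path": "/Users/alice/Downloads/FreeCleaner.app/Contents/MacOS/FreeCleaner"},
     "target": "/Library/Preferences/com.example.settings.plist"},
]]


if __name__ == "__main__":
    for proc, target, reason in suspicious_deletions(SAMPLE_EVENTS):
        print(f"ALERT: {reason}\n  process: {proc}\n  target:  {target}")
```

Of the five constructed events, two are flagged: the sandboxed app deleting a file in the user's Documents folder, and the unsandboxed, non-allowlisted app deleting under /Library. The allowlisted updater and the in-container deletion pass, and the `open` event is ignored. Because the advisory is about an app deleting files it has no permission for, the container-boundary rule is the one most likely to surface exploitation, while the allowlist rule is the page's generic query made concrete.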
