Vulnerability Details CVE-2023-40401
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.4%
CVSS Severity
CVSS v3 Score 7.5
References
- http://seclists.org/fulldisclosure/2023/Oct/26
- https://support.apple.com/en-us/HT213985
- https://support.apple.com/kb/HT213927
- https://support.apple.com/kb/HT213938
- https://support.apple.com/kb/HT213940
- https://support.apple.com/kb/HT213985
- http://seclists.org/fulldisclosure/2023/Oct/26
- https://support.apple.com/en-us/HT213985
- https://support.apple.com/kb/HT213927
- https://support.apple.com/kb/HT213938
- https://support.apple.com/kb/HT213940
- https://support.apple.com/kb/HT213985
Products affected by CVE-2023-40401
-
cpe:2.3:o:apple:macos:13.0
-
cpe:2.3:o:apple:macos:13.0.0
-
cpe:2.3:o:apple:macos:13.0.1
-
cpe:2.3:o:apple:macos:13.1
-
cpe:2.3:o:apple:macos:13.2
-
cpe:2.3:o:apple:macos:13.2.1
-
cpe:2.3:o:apple:macos:13.3
-
cpe:2.3:o:apple:macos:13.3.1
-
cpe:2.3:o:apple:macos:13.3.3
-
cpe:2.3:o:apple:macos:13.4
-
cpe:2.3:o:apple:macos:13.4.1
-
cpe:2.3:o:apple:macos:13.5
-
cpe:2.3:o:apple:macos:13.5.2
-
cpe:2.3:o:apple:macos:13.6