Vulnerability Details CVE-2023-42847
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.6%
CVSS Severity
CVSS v3 Score 7.5
References
- http://seclists.org/fulldisclosure/2023/Oct/19
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://support.apple.com/en-us/HT213982
- https://support.apple.com/en-us/HT213984
- https://support.apple.com/kb/HT213982
- https://support.apple.com/kb/HT213984
- http://seclists.org/fulldisclosure/2023/Oct/19
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://support.apple.com/en-us/HT213982
- https://support.apple.com/en-us/HT213984
- https://support.apple.com/kb/HT213982
- https://support.apple.com/kb/HT213984
Products affected by CVE-2023-42847
-
cpe:2.3:o:apple:ipados:17.0
-
cpe:2.3:o:apple:ipados:17.0.1
-
cpe:2.3:o:apple:ipados:17.0.3
-
cpe:2.3:o:apple:iphone_os:17.0
-
cpe:2.3:o:apple:iphone_os:17.0.1
-
cpe:2.3:o:apple:iphone_os:17.0.3
-
cpe:2.3:o:apple:macos:14.0