CVE-2023-23520: Race Condition
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.
Other sources
Crash Reporter. A race condition was addressed with additional validation.
— Apple
Credit
Affected Software
Event History
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2023-32438
- CVE-2023-23499
- CVE-2023-23520
- CVE-2023-41990
- CVE-2023-23519
- CVE-2023-23500
- CVE-2023-23502
- CVE-2023-23504
- CVE-2023-23503
- CVE-2023-23512
- CVE-2023-23511
- CVE-2023-32393
- CVE-2022-0108
- CVE-2023-23496
- CVE-2023-23518
- CVE-2023-23517
- CVE-2023-23505
- CVE-2022-42915
- CVE-2022-42916
- CVE-2022-32221
- CVE-2022-35260
- CVE-2023-23539
- CVE-2023-23513
- CVE-2023-23493
- CVE-2023-23530
- CVE-2023-23531
- CVE-2023-23507
- CVE-2023-23516
- CVE-2023-23506
- CVE-2023-23498
- CVE-2023-28208
- CVE-2023-23497
- CVE-2023-23510
- CVE-2022-3705
- CVE-2023-23501
- CVE-2023-23508
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-23520.
What is the severity of CVE-2023-23520?
The severity of CVE-2023-23520 is medium with a CVSS score of 5.9.
Which software versions are affected by CVE-2023-23520?
CVE-2023-23520 affects watchOS versions up to and excluding 9.3, tvOS versions up to and excluding 16.3, macOS Ventura versions up to and excluding 13.2, iOS versions up to and excluding 16.3, and iPadOS versions up to and excluding 16.3.
How was CVE-2023-23520 addressed?
CVE-2023-23520 was addressed by fixing the race condition with additional validation in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3, and iPadOS 16.3.
What is the impact of CVE-2023-23520?
The impact of CVE-2023-23520 is that a user may be able to read arbitrary files as root.