CVE-2023-23522: Medium severity macos ventura vulnerability

Q: What is CVE-2023-23522?

CVE-2023-23522 is a vulnerability that allows an app to observe unprotected user data on Apple macOS Ventura 13.2 and earlier.

Q: What is the severity of CVE-2023-23522?

CVE-2023-23522 has a severity rating of medium (5.5).

Q: How does CVE-2023-23522 affect macOS Ventura?

CVE-2023-23522 affects macOS Ventura versions up to and including 13.2.

Q: How can I fix CVE-2023-23522?

To fix CVE-2023-23522, you should update to macOS Ventura 13.2.1 or later.

Q: Where can I find more information about CVE-2023-23522?

More information about CVE-2023-23522 can be found on the Apple support page: https://support.apple.com/en-us/HT213633

Published Feb 13, 2023

Updated

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.

Other sources

Shortcuts. A privacy issue was addressed with improved handling of temporary files.

Credit

Wenchao Li, Xiaolong Bai(Alibaba Group)

Affected Software

2 affected componentsFixes available

macOS Ventura<13.2.1

13.2.1

macOS<13.2

Event History

Feb 27, 2023

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT213633

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2023-23522?

CVE-2023-23522 is a vulnerability that allows an app to observe unprotected user data on Apple macOS Ventura 13.2 and earlier.

What is the severity of CVE-2023-23522?