CVE-2023-38580: Race Condition
Published Jul 24, 2023
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
Mohamed GHANNAM (@_simo36), pattern-f (@pattern_F_) (Ant Security Light), Nick Brook, Kirin (@Pwnrin), Wojciech Regula (SecuRing), Kirin (@Pwnrin) (SecuRing), (SecuRing), found by OSS-Fuzz, Zweig (Kunlun Lab), 香农的三蹦子 (Pangu Lab), an anonymous researcher, Pan ZhenPeng (@Peterpan0927) (STAR Labs SG Pte), Peter Nguyễn Vũ Hoàng (@peternguyen14) (STAR Labs SG Pte), Certik Skyfall Team, Valentin Pashkov (Kaspersky), Mikhail Vinogradov (Kaspersky), Georgy Kucherin (@kucher1n) (Kaspersky), Leonid Bezvershenko (@bzvr_) (Kaspersky), (Kaspersky), Boris Larin (@oct0xor) (Kaspersky), Kaitao Xie (Alibaba Group), Xiaolong Bai (Alibaba Group), Certik Skyfall Team (Ant Security Light), Sei K., Zhipeng Huo (@R3dF09) (Tencent Security Xuanwu Lab), Noah Roskin-Frazee, Thijs Alkemade (Computest Sector 7), Adam M., Johan Carlsson (joaxcar), Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel Genkin, Yuval Yarom, Narendra Bhati (twitter.com/imnarendrabhati) (Suma Soft Pvt), Pune - India (TU Wien), Valentino Dalla Valle (TU Wien), Pedro Bernardo (TU Wien), Marco Squarcina (TU Wien), (TU Wien), Lorenzo Veronese (TU Wien), Pune - India, Yuhao Hu, Jiming Wang, Jikai Ren, Anonymous (Trend Micro Zero Day Initiative), Francisco Alonso (@revskills), Junsung Lee, 이준성 (Junsung Lee) (Cross Republic), Apple, YeongHyeon Choi (@hyeon101010), Mickey Jin (@patch1t), Gergely Kalman (@gergely_kalman), Erhad Husovic, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, Bool (YunShangHuaAn), Arsenii Kostromin (0x3c3e), Taavi Eomäe (Zone Media O), Mickey Jin (@patch1t) (Trend Micro Zero Day Initiative), (Trend Micro Zero Day Initiative), Michael DePlante (@izobashi) (Trend Micro Zero Day Initiative), CVE-2023-1916, Jonathan Bar Or (Microsoft), Emanuele Cozzi (Microsoft), (Microsoft), Michael Pearse (Microsoft), Csaba Fitzl (@theevilbit) (Offensive Security), Sandipan Roy, James Duffy (mangoSecure), Michael Cowell, David Hoyt (Hoyt LLC), Wenchao Li (Hangzhou Orange Shield Information Technology Co), Xiaolong Bai (Hangzhou Orange Shield Information Technology Co), Ltd., CVE-2023-1801, Matthew Loewen, CVE-2023-2426, CVE-2023-2609, CVE-2023-2610, Yiğit Can YILMAZ (@yilmazcanyigit), Pr, Yishu Wang, ABC Research s.r.o.
Affected Software
8 affected components. Fixes available.
Apple WatchOS < 9.6 (fix: 9.6)
Apple macOS Ventura < 13.5 (fix: 13.5)
Apple iOS < 16.6 (fix: 16.6)
Apple iPadOS < 16.6 (fix: 16.6)
Apple iPadOS < 16.6
Apple iPhone OS < 16.6
Apple macOS >= 13.0, < 13.5
Apple WatchOS < 9.6
Event History
Jul 24, 2023
Data Sourced via Apple, 12:00 AM: Description, Weakness, Affected Software
Updated via Apple, 12:00 AM: Description
Updated via Apple, 12:00 AM: Description, Weakness
Updated via Apple, 12:00 AM: Description, Weakness, Affected Software
Updated via Apple, 12:00 AM: Description, Affected Software
Jul 27, 2023
CVE Published via MITRE, 12:22 AM
Data Sourced via MITRE, 12:22 AM: Description, Weakness
Frequently Asked Questions
1. What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-38580.
2. What is the severity of CVE-2023-38580?
The severity of CVE-2023-38580 is high with a score of 7.8.
3. What is the affected software for CVE-2023-38580?
The affected software for CVE-2023-38580 includes Apple macOS Ventura 13.5, Apple watchOS up to 9.6, Apple iOS up to 16.6, and Apple iPadOS up to 16.6.
4. How was CVE-2023-38580 addressed?
CVE-2023-38580 was addressed with improved memory handling.
5. How can I fix CVE-2023-38580?
To fix CVE-2023-38580, you need to update your Apple software to iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6, or later versions.