CVE-2023-42977

CVE Database · CVE-2023-42977

CVE-2023-42977

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

0.18%

Published

Apr 11, 2025

Modified

Apr 29, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20

Affected Products (3)

apple · ipad_os (up to 17.0)vulnerable

apple · iphone_os (up to 17.0)vulnerable

apple · macos (up to 14.0)vulnerable

References (2)

https://support.apple.com/en-us/120949

Release NotesVendor Advisory

https://support.apple.com/en-us/120950

Release NotesVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs