CVE-2023-42836

CVE Database · CVE-2023-42836

CVE-2023-42836

· MEDIUMModified

CVSS v3.1

5.3

EPSS

0.53%

Published

Feb 21, 2024

Modified

Nov 4, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products (5)

apple · ipad_os (up to 17.1)vulnerable

apple · iphone_os (up to 17.1)vulnerable

apple · macos (up to 12.7.2)vulnerable

apple · macos (up to 13.6.3)vulnerable

apple · macosvulnerable

References (12)

https://support.apple.com/en-us/HT213982

Vendor Advisory

https://support.apple.com/en-us/HT213984