VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 23, 2023· Updated Dec 5, 2024

CVE-2023-28202

CVE-2023-28202

Description

Apple fixed CVE-2023-28202 in multiple OS updates; the bug let an app firewall setting not take effect after exiting Settings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apple fixed CVE-2023-28202 in multiple OS updates; the bug let an app firewall setting not take effect after exiting Settings.

Vulnerability

CVE-2023-28202 is a logic issue in Apple's app firewall implementation across iOS 16.5, iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4. Affected versions are those prior to the respective released updates. The bug causes an app firewall setting to not take effect after the user exits the Settings app, potentially allowing unintended traffic.

Exploitation

No specific exploitation steps are detailed in the available references. The vulnerability is reachable on an affected device where the user has configured an app firewall setting, then exits the Settings app.

Impact

A successful exploit could allow an app to bypass the configured firewall restriction, potentially leading to unintended data flows or network access contrary to user expectation. The impact is confined to the misapplication of the firewall setting.

Mitigation

Apple addressed this issue in the following releases: iOS 16.5, iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4, all dated May 18, 2023 [1][2][3][4]. No workaround is documented; users should update to the latest versions.

References
  1. About the security content of macOS Ventura 13.4 - Apple Support
  2. About the security content of iOS 16.5 and iPadOS 16.5 - Apple Support
  3. About the security content of tvOS 16.5 - Apple Support
  4. About the security content of watchOS 9.5 - Apple Support

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

4

News mentions

0

No linked articles in our index yet.