CVE-2023-32394

Vulnerability

A lock screen vulnerability in Apple operating systems allows a person with physical access to a device to view contact information without authentication. The issue affects iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4. The bug was addressed with improved checks [1][2][3][4].

Exploitation

An attacker needs physical access to the locked device. No authentication or special privileges are required; the attacker can simply interact with the lock screen to access contact information. The specific sequence of steps is not detailed in the available references, but the vulnerability is present on the lock screen before the device is unlocked [1][2][3][4].

Impact

A person with physical access can view contact information stored on the device, leading to a disclosure of personal data. The information accessible may include names, phone numbers, email addresses, and other contact details. No other impacts are documented in the references [1][2][3][4].

Mitigation

Apple released fixes on May 18, 2023, as part of iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4. Users should update their devices to the latest available versions. No workarounds are provided in the references; the only mitigation is to apply the updates [1][2][3][4].