CVE-2023-42834

Vulnerability

A privacy issue exists in Apple's file handling logic across multiple platforms. The vulnerability affects watchOS prior to 10.1, macOS Sonoma prior to 14.1, macOS Monterey prior to 12.7.2, macOS Ventura prior to 13.6.3, iOS prior to 17.1, and iPadOS prior to 17.1 [1][2][3][4]. The issue allows an app to access sensitive user data due to improper handling of files.

Exploitation

An attacker would need to have an app installed on the target device. No additional privileges or user interaction beyond normal app execution are required. The exact exploitation sequence is not disclosed, but it involves the app leveraging the flawed file handling to access data it should not be able to reach.

Impact

Successful exploitation results in an app being able to access sensitive user data, potentially including personal information such as contacts, messages, or other private files. The attacker gains unauthorized read access to data protected by the operating system's sandbox.

Mitigation

Apple has addressed the issue with improved handling of files. Updates are available: watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1, and iPadOS 17.1 [1][2][3][4]. Users should update their devices to the latest available versions. There are no known workarounds.