CVE-2023-27963 - Vulnerability Details - OpenCVE

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Apple	Ipados Iphone Os Macos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/HT213670
https://support.apple.com/en-us/HT213673
https://support.apple.com/en-us/HT213674
https://support.apple.com/en-us/HT213676
https://support.apple.com/en-us/HT213677
https://support.apple.com/en-us/HT213678

History

Wed, 29 Jan 2025 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-862
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Dec 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple ipados
CPEs	cpe:2.3:o:apple:ipad_os::::::::	cpe:2.3:o:apple:ipados::::::::
Vendors & Products	Apple ipad Os	Apple ipados

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2023-05-08T00:00:00.000Z

Updated: 2025-01-29T19:29:10.470Z

Reserved: 2023-03-08T00:00:00.000Z

Link: CVE-2023-27963

Vulnrichment

Updated: 2024-08-02T12:23:30.586Z

NVD

Status : Modified

Published: 2023-05-08T20:15:18.773

Modified: 2025-01-29T20:15:30.770

Link: CVE-2023-27963

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-27963", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "dateUpdated": "2025-01-29T19:29:10.470Z", "dateReserved": "2023-03-08T00:00:00.000Z", "datePublished": "2023-05-08T00:00:00.000Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A shortcut may be able to use sensitive data with certain actions without prompting the user"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "12.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "9.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "15.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user."}], "references": [{"url": "https://support.apple.com/en-us/HT213670"}, {"url": "https://support.apple.com/en-us/HT213676"}, {"url": "https://support.apple.com/en-us/HT213677"}, {"url": "https://support.apple.com/en-us/HT213678"}, {"url": "https://support.apple.com/en-us/HT213674"}, {"url": "https://support.apple.com/en-us/HT213673"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2023-07-27T03:46:05.662Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:23:30.586Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213670", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213676", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213677", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213678", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213674", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213673", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T19:28:55.959526Z", "id": "CVE-2023-27963", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T19:29:10.470Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-27963", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "dateUpdated": "2025-01-29T19:29:10.470Z", "dateReserved": "2023-03-08T00:00:00.000Z", "datePublished": "2023-05-08T00:00:00.000Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A shortcut may be able to use sensitive data with certain actions without prompting the user"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "12.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "9.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "15.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user."}], "references": [{"url": "https://support.apple.com/en-us/HT213670"}, {"url": "https://support.apple.com/en-us/HT213676"}, {"url": "https://support.apple.com/en-us/HT213677"}, {"url": "https://support.apple.com/en-us/HT213678"}, {"url": "https://support.apple.com/en-us/HT213674"}, {"url": "https://support.apple.com/en-us/HT213673"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2023-07-27T03:46:05.662Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:23:30.586Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213670", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213676", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213677", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213678", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213674", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213673", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-27963", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-29T19:28:55.959526Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T19:28:50.685Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "6342B4CB-4D7D-4FBD-8A5E-E3DABDC7770E", "versionEndExcluding": "15.7.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "79A85DA3-B374-444F-B9A2-7E4F334C26DA", "versionEndExcluding": "16.4", "versionStartIncluding": "16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C75E4307-6CF3-4835-8E5F-96BF060658C8", "versionEndExcluding": "15.7.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "E33C3BC5-6CFC-4B58-8642-80A9FE00DB24", "versionEndExcluding": "16.4", "versionStartIncluding": "16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C93428C-C9B4-464F-8A4A-0CE8D7BB2BAA", "versionEndExcluding": "12.6.4", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5DA93B3-CA76-4932-84EE-40445A6505EA", "versionEndExcluding": "9.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user."}], "id": "CVE-2023-27963", "lastModified": "2025-01-29T20:15:30.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-08T20:15:18.773", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213670"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213673"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT213674"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213676"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213677"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213673"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/en-us/HT213674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213676"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213678"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}