CVE-2023-27961
EUVD-2023-3168708.05.2023, 20:15
Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apple | ipados | 𝑥 < 15.7.4 |
| apple | ipados | 16.0 ≤ 𝑥 < 16.4 |
| apple | iphone_os | 𝑥 < 15.7.4 |
| apple | iphone_os | 16.0 ≤ 𝑥 < 16.4 |
| apple | macos | 11.0 ≤ 𝑥 < 11.7.5 |
| apple | macos | 12.0 ≤ 𝑥 < 12.6.4 |
| apple | macos | 13.0 ≤ 𝑥 < 13.3 |
| apple | watchos | 𝑥 < 9.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-1284 - Improper Validation of Specified Quantity in InputThe product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
References