CVE-2023-38571

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
appleCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
applemacos
𝑥
< 11.7.9
applemacos
12.0 ≤
𝑥
< 12.6.8
applemacos
13.0 ≤
𝑥
< 13.5
𝑥
= Vulnerable software versions
References
https://support.apple.com/en-us/HT213843
https://support.apple.com/en-us/HT213844
https://support.apple.com/en-us/HT213845
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
https://support.apple.com/en-us/HT213843
https://support.apple.com/en-us/HT213844
https://support.apple.com/en-us/HT213845
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845