Apple macOS up to 14.1 Location information disclosure

Summaryinfo

A vulnerability labeled as problematic has been found in Apple macOS up to 14.1. This issue affects some unknown processing of the component Location Handler. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2023-40390. The attack must be carried out locally. There is no available exploit. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in Apple macOS up to 14.1 and classified as problematic. Affected by this issue is an unknown part of the component Location Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. CVE summarizes:

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data.

The advisory is shared for download at support.apple.com. This vulnerability is handled as CVE-2023-40390 since 08/14/2023. The exploitation is known to be easy. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

Upgrading to version 14.2 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Apple

Name

• macOS

Version

• 14.0
• 14.1

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion