CVE-2023-40385
Description
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.
CWE
- CWE-200 — CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Affected
- Apple / iOS and iPadOS — v=unspecified <17 [affected]
- Apple / Safari — v=unspecified <17 [affected]
- Apple / macOS — v=unspecified <14 [affected]
CVSS
- (none)
References
- https://support.apple.com/en-us/HT213938
- https://support.apple.com/en-us/HT213941
- https://support.apple.com/en-us/HT213940
Source
cvelistV5-main/cves/2023/40xxx/CVE-2023-40385.json