CVE-2023-42846

State: PUBLISHED · Published: 2023-10-25 · Updated: 2025-02-13 · Assigner: apple

Description

This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.

CWE

CWE-200 — CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Affected

Apple / iOS and iPadOS — v=unspecified <16.7 [affected]
Apple / tvOS — v=unspecified <17.1 [affected]
Apple / watchOS — v=unspecified <10.1 [affected]
Apple / iOS and iPadOS — v=unspecified <17.1 [affected]

CVSS

(none)

References

https://support.apple.com/en-us/HT213981
https://support.apple.com/en-us/HT213987
https://support.apple.com/en-us/HT213988
https://support.apple.com/en-us/HT213982
https://support.apple.com/kb/HT213982
https://support.apple.com/kb/HT213987
https://support.apple.com/kb/HT213988
https://support.apple.com/kb/HT213981
http://seclists.org/fulldisclosure/2023/Oct/23
http://seclists.org/fulldisclosure/2023/Oct/22
http://seclists.org/fulldisclosure/2023/Oct/19
http://seclists.org/fulldisclosure/2023/Oct/25

Source

cvelistV5-main/cves/2023/42xxx/CVE-2023-42846.json