{"api_version":"1","generated_at":"2026-04-23T07:01:15+00:00","cve":"CVE-2023-40429","urls":{"html":"https://cve.report/CVE-2023-40429","api":"https://cve.report/api/cve/CVE-2023-40429.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-40429","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-40429"},"summary":{"title":"CVE-2023-40429","description":"A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2023-09-27 15:19:00","updated_at":"2023-11-07 04:20:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Oct/8","name":"http://seclists.org/fulldisclosure/2023/Oct/8","refsource":"","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/10","name":"http://seclists.org/fulldisclosure/2023/Oct/10","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-9 tvOS 17","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT213937","name":"https://support.apple.com/en-us/HT213937","refsource":"MISC","tags":[],"title":"About the security content of watchOS 10 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213936","name":"https://support.apple.com/en-us/HT213936","refsource":"MISC","tags":[],"title":"About the security content of tvOS 17 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/3","name":"http://seclists.org/fulldisclosure/2023/Oct/3","refsource":"","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-2 macOS Sonoma 14","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT213938","name":"https://support.apple.com/en-us/HT213938","refsource":"MISC","tags":[],"title":"About the security content of iOS 17 and iPadOS 17 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213940","name":"https://support.apple.com/en-us/HT213940","refsource":"MISC","tags":[],"title":"About the security content of macOS Sonoma 14 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/9","name":"http://seclists.org/fulldisclosure/2023/Oct/9","refsource":"","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-8 watchOS 10","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-40429","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40429","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"40429","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"40429","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"40429","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"40429","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"40429","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-40429","qid":"610525","title":"Apple iOS 17 and iPadOS 17 Security Update Missing (HT213938)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-40429","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"An app may be able to access sensitive user data"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS and iPadOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"17"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"17"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"14"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"10"}]}}]}}]}},"references":{"reference_data":[{"url":"https://support.apple.com/en-us/HT213938","refsource":"MISC","name":"https://support.apple.com/en-us/HT213938"},{"url":"https://support.apple.com/en-us/HT213936","refsource":"MISC","name":"https://support.apple.com/en-us/HT213936"},{"url":"https://support.apple.com/en-us/HT213940","refsource":"MISC","name":"https://support.apple.com/en-us/HT213940"},{"url":"https://support.apple.com/en-us/HT213937","refsource":"MISC","name":"https://support.apple.com/en-us/HT213937"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/10","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/10"}]}},"nvd":{"publishedDate":"2023-09-27 15:19:00","lastModifiedDate":"2023-11-07 04:20:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}