
CVE-2023-40424

Description

CVE-2023-40424 is a security vulnerability in Apple's operating systems that could allow an application to access user-sensitive data. Apple addressed the issue with improved checks in macOS Sonoma 14.0, iOS 17, iPadOS 17, and watchOS 10. According to Kandji's analysis, the vulnerability lies in a root-level user's ability to create a new user on macOS together with a custom Transparency, Consent, and Control (TCC) database. That custom TCC database can then be used to access other users' private data, bypassing the intended privacy protections.
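A defender-side audit that follows from the description, added here as an example (it is not Apple's or Kandji's code): it walks local home directories and flags any account outside an expected set whose per-user TCC database already grants access. The TCC.db location and the `access` table's `service`/`client`/`auth_value` columns (with 2 meaning allowed) are assumptions about the schema, which varies by macOS version; the two sample databases are constructed fixtures, not real system files.

```python
import sqlite3
import tempfile
from pathlib import Path

# Assumed per-user location of the TCC database (relative to the home directory).
TCC_RELATIVE = Path("Library/Application Support/com.apple.TCC/TCC.db")
AUTH_ALLOWED = 2  # assumed: auth_value 2 means "allowed" in the access table


def granted_entries(db_path):
    """Return (service, client) pairs that the given TCC.db marks as allowed."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"  # open read-only
    conn = sqlite3.connect(uri, uri=True)
    try:
        return conn.execute(
            "SELECT service, client FROM access WHERE auth_value = ?",
            (AUTH_ALLOWED,),
        ).fetchall()
    finally:
        conn.close()


def audit_home_dirs(home_root, expected_users):
    """Flag accounts under home_root that are not expected yet already carry
    a TCC.db with allowed entries: the pattern described for CVE-2023-40424."""
    findings = []
    for home in sorted(Path(home_root).iterdir()):
        db = home / TCC_RELATIVE
        if home.name in expected_users or not db.is_file():
            continue
        grants = granted_entries(db)
        if grants:
            findings.append({"user": home.name, "grants": grants})
    return findings


def make_sample_db(db_path, rows):
    """Constructed fixture: a minimal TCC-like database, not a real macOS file."""
    db_path.parent.mkdir(parents=True, exist_ok=True)
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE access (service TEXT, client TEXT, auth_value INTEGER)")
    conn.executemany("INSERT INTO access VALUES (?, ?, ?)", rows)
    conn.commit()
    conn.close()


def demo():
    """Build two constructed home directories and audit them; only the
    unexpected account with an allowed grant should be reported."""
    root = Path(tempfile.mkdtemp())
    make_sample_db(root / "alice" / TCC_RELATIVE,
                   [("kTCCServiceSystemPolicyAllFiles", "com.example.backup", 2)])
    make_sample_db(root / "svc_tmp" / TCC_RELATIVE,
                   [("kTCCServiceSystemPolicyAllFiles", "/usr/local/bin/tool", 2),
                    ("kTCCServiceCamera", "com.example.cam", 0)])
    return audit_home_dirs(root, expected_users={"alice"})
```

On a real host, run `audit_home_dirs("/Users", set_of_known_accounts)` with privileges that can read each user's TCC.db; the expected set should come from your MDM or directory inventory rather than from the host itself.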

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data by an application. The severity of this issue has been assessed as follows: