Symlink Validation Vulnerability Allows Privacy Preference Bypass in macOS

Symlink Validation Vulnerability Allows Privacy Preference Bypass in macOS

CVE-2023-38571 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.

Learn more about our Cis Benchmark Audit For Apple Macos.