CVE-2023-32415: 
macOS vulnerability analysis and mitigation

CVE-2023-32415 is a privacy vulnerability discovered in Apple's Weather application that was fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, and macOS Ventura 13.4, released on May 18, 2023. The vulnerability allowed an application to read sensitive location information through improper redaction of sensitive information (Apple iOS, Apple macOS).

The vulnerability was caused by insufficient redaction of sensitive information in the Weather application. The issue was addressed by implementing improved redaction of sensitive location information. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access is required, low attack complexity, no privileges required, and user interaction is needed (NVD).

If exploited, this vulnerability could allow a malicious application to access sensitive location information of the user, potentially compromising user privacy and location data (Apple iOS).

Apple has addressed this vulnerability in iOS 16.5 and iPadOS 16.5, tvOS 16.5, and macOS Ventura 13.4. Users are advised to update their devices to these versions or later to protect against this vulnerability (Apple iOS, Apple macOS).

The vulnerability was discovered and reported by Wojciech Regula of SecuRing and Adam M. The security community has acknowledged Apple's swift response in addressing the privacy concern (Apple iOS).