CVE-2023-32422: 
macOS vulnerability analysis and mitigation

CVE-2023-32422 is a security vulnerability affecting multiple Apple operating systems including iOS 16.5, iPadOS 16.5, tvOS 16.5, and macOS Ventura 13.4. The vulnerability was discovered and disclosed in May 2023, with fixes released on May 18, 2023. The issue exists in SQLite functionality where an application may be able to bypass Privacy preferences (Apple iOS, Apple macOS).

The vulnerability was addressed by adding additional SQLite logging restrictions. It received a CVSS 3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. This indicates the vulnerability requires local access and user interaction, but has high impact on integrity while not affecting confidentiality or availability (NVD).

When exploited, this vulnerability allows an application to bypass Privacy preferences on affected systems. This could potentially give malicious applications unauthorized access to sensitive user data that would normally be restricted by privacy settings (Apple iOS).

Apple has released security updates to address this vulnerability in iOS 16.5, iPadOS 16.5, tvOS 16.5, and macOS Ventura 13.4. Users are advised to update their devices to these versions or later to receive the fix (Apple iOS, Apple macOS).

The vulnerability was discovered and reported by security researchers Gergely Kalman (@gergely_kalman) and Wojciech Reguła of SecuRing (wojciechregula.blog) (Apple iOS).