{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-40438","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2023-08-14T20:26:36.261Z","datePublished":"2024-01-10T22:03:50.347Z","dateUpdated":"2025-11-04T19:19:32.491Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"An app may be able to access edited photos saved to a temporary directory"}]}],"affected":[{"vendor":"Apple","product":"iOS and iPadOS","versions":[{"version":"unspecified","status":"affected","lessThan":"16.7","versionType":"custom"}]},{"vendor":"Apple","product":"macOS","versions":[{"version":"unspecified","status":"affected","lessThan":"14","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory."}],"references":[{"url":"https://support.apple.com/en-us/HT213927"},{"url":"https://support.apple.com/en-us/HT213940"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2024-01-10T22:03:50.347Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT213927","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213940","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT213940"},{"url":"https://support.apple.com/kb/HT213927"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T19:19:32.491Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-379","lang":"en","description":"CWE-379 Creation of Temporary File in Directory with Insecure Permissions"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-01-18T01:25:35.919651Z","id":"CVE-2023-40438","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-20T15:42:28.144Z"}}]}}