CVE-2023-35990 : What You Need to Know

A security vulnerability, CVE-2023-35990, has been identified in Apple's iOS, iPadOS, macOS, and watchOS. This vulnerability could allow a malicious app to determine the other installed applications on a user's device.

Understanding CVE-2023-35990

This section provides insights into the nature and impact of the CVE-2023-35990 vulnerability.

What is CVE-2023-35990?

The vulnerability in question allows an application to identify the full list of installed apps on the affected device, potentially compromising user privacy and security.

The Impact of CVE-2023-35990

The exploitation of this vulnerability could lead to unauthorized access to sensitive information and compromise user privacy.

Technical Details of CVE-2023-35990

Here, we delve into the specifics of the CVE-2023-35990 vulnerability.

Vulnerability Description

The issue stems from a lack of proper checks, enabling apps to access information about other installed applications.

Affected Systems and Versions

The vulnerability impacts the following Apple products and versions:

iOS and iPadOS versions less than 17 and 16.7
macOS versions less than 14
watchOS versions less than 10

Exploitation Mechanism

Malicious apps can exploit this vulnerability to gain insights into the user's app installation history, potentially breaching user privacy.

Mitigation and Prevention

Protecting your system from CVE-2023-35990 is crucial. Follow the outlined steps to enhance your security.

Immediate Steps to Take

Update to the latest non-affected versions of iOS 17 and iPadOS 17, watchOS 10, and macOS Sonoma 14.
Be cautious while installing new applications and grant permissions judiciously.

Long-Term Security Practices

Regularly update your operating system and apps to mitigate potential vulnerabilities.

Patching and Updates

Stay informed about security patches released by Apple and promptly install them to fortify your device's security.