A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Macos | Apple | * | 13.7.7 (excluding) |
Macos | Apple | 14.0 (including) | 14.7.7 (excluding) |
Macos | Apple | 15.0 (including) | 15.6 (excluding) |