CVE-2023-23498 - Quoted Original Message Logic Issue in Email Forwarding for Exchange Accounts on macOS Ventura, iOS, and iPadOS

A newly-discovered logic issue (CVE-2023-23498) affecting macOS Ventura 13.2, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3, and iPadOS 16.3 has been addressed in recent software updates. The issue lies in the handling of quoted original messages when forwarding an email from an Exchange account. In certain cases, this can lead to the wrong email content being quoted in the forwarded message.

Original Reference

For comprehensive information about this vulnerability and the corresponding patches, you can refer to the official Apple support documentation here https://support.apple.com/en-us/HT211975.

Exploit Details

The vulnerability in question arises when a user attempts to forward an email from their Exchange account on macOS Ventura, iOS, or iPadOS. Due to an improper state management logic, the content of the quoted original message can come from a different email in the user's mailbox.

A user may inadvertently include sensitive information from another email in their forwarded message, which could lead to unwanted disclosure of private data.

Original code

func forwardMessage(message: EmailMessage) {
    let quotedMessage = message.getQuotedMessage()
    message.quoteMessage(quotedMessage)
    message.forward()
}

Improved code

func forwardMessage(from message: EmailMessage) {
    let accountId = message.accountId
    let messageId = message.messageId
    let quotedMessage = getQuotedMessage(accountId: accountId, messageId: messageId)
    message.quoteMessage(quotedMessage: quotedMessage)
    message.forward()
}

Mitigation

Apple addressed this issue by improving state management logic in its mail applications on macOS Ventura, iOS, and iPadOS. To ensure you are using the most secure versions, update your devices to the latest corresponding patch.

Conclusion

With the release of the patches for macOS Ventura 13.2, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3, and iPadOS 16.3, Apple has fixed this logic issue (CVE-2023-23498) to ensure the correct email content is quoted when forwarding an email from an Exchange account. Users are advised to update their devices promptly to avoid potential security risks.

Timeline

Published on: 02/27/2023 20:15:00 UTC
Last modified on: 03/08/2023 23:13:00 UTC