发布于3月6日3月6日 Members OS X update for NetworkExtension (CVE-2023-28182) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 03/28/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-28182 CVE - 2023-28182 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677
