CVE-2023-42838

Published Feb 21, 2024

Last updated 5 months ago

CVSS high 8.6

Overview

Description: An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81F8AB85-34DB-4536-ADDE-D0EB5DEBFD85",
            "versionEndExcluding": "12.7.2",
            "versionStartIncluding": "12.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E270DF97-8603-42D8-A31C-FCD89A7D2F1E",
            "versionEndExcluding": "13.6.3",
            "versionStartIncluding": "13.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References