Logic Issue in macOS Ventura by Apple
CVE-2023-32364

8.6HIGH

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 27 July 2023

Badges

👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2023-32364?

A logic issue in macOS Ventura could allow a sandboxed process to bypass security restrictions, potentially leading to unauthorized access or operations. This vulnerability has been addressed in macOS Ventura version 13.5 with improved restrictions to mitigate the risk of sandbox circumvention.

Affected Version(s)

macOS < 13.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-32364-macos-app-sandbox-escape
Created by gergelykalman

News Articles

Bad Sector Labs Blog

CVE-2023-29357 CVE-2023-32364

Last Week in Security (LWiS) - 2023-10-03

Nighthawk update (@MDSecLabs), Teams external splash bypass, MSI LPEs, and Zip+LNKs (@pfiatde), SCCM takeover (@_Mayyhem), .NET obfuscation (@eversinc33), JonMon (@jsecurity101), and more!

References

https://support.apple.com/en-us/HT213843

https://support.apple.com/kb/HT213844

https://support.apple.com/kb/HT213845

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Bad Sector Labs Blog
Jun 26, 2024
🟡
Public PoC available
Sep 26, 2023
👾
Exploit known to exist
Sep 26, 2023
Vulnerability published
Jul 27, 2023
Vulnerability Reserved
May 8, 2023