CVE-2023-32364

8.6HIGH

Key Information:

Vendor
Apple
Status
Mac OS
Vendor
CVE Published:
27 July 2023

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoCπŸ“° News Worthy

Summary

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.

Affected Version(s)

macOS < 13.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-32364-macos-app-sandbox-escape
Created by gergelykalman

News Articles

favicon imageBad Sector Labs Blog

Last Week in Security (LWiS) - 2023-10-03

Nighthawk update (@MDSecLabs), Teams external splash bypass, MSI LPEs, and Zip+LNKs (@pfiatde), SCCM takeover (@_Mayyhem), .NET obfuscation (@eversinc33), JonMon (@jsecurity101), and more!

6 months ago

References

https://support.apple.com/en-us/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • πŸ“°

    First article discovered by Bad Sector Labs Blog

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)1 News Article(s)
.