Arbitrary Code Execution Vulnerability in Apple macOS Products
CVE-2023-36854

7.8HIGH

Key Information:

Vendor: Apple
Status: macOS
Vendor: CVE Published:; 27 July 2023

What is CVE-2023-36854?

An issue in macOS products has been identified where processing a specially crafted file could lead to unexpected app termination or allow arbitrary code execution. This vulnerability has been addressed in the latest updates for macOS Monterey, Ventura, and Big Sur, enhancing the security of these operating systems.

Affected Version(s)

macOS < 13.5

macOS < 11.7

macOS < 12.6

References

https://support.apple.com/en-us/HT213843

https://support.apple.com/en-us/HT213845

https://support.apple.com/en-us/HT213844

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2023
Vulnerability Reserved
Jul 20, 2023