Access Vulnerability in macOS by Apple
CVE-2023-42887

6.3MEDIUM

Key Information:

Vendor: Apple
Status: macOS
Vendor: CVE Published:; 23 January 2024

Summary

An access control vulnerability was identified in macOS that could allow applications to bypass sandbox restrictions, potentially enabling them to read arbitrary files. This security flaw underscores the importance of updated software protections to mitigate unauthorized file access. Apple has addressed this issue in recent updates, specifically macOS Ventura 13.6.4 and macOS Sonoma 14.2, enhancing sandboxing measures to safeguard user data against exploitation.

Affected Version(s)

macOS < 13.6

macOS < 14.2

References

https://support.apple.com/en-us/HT214058

https://support.apple.com/en-us/HT214036

https://support.apple.com/kb/HT214036

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Sep 14, 2023