Apple Fixes Admin Privileges Bypass Vulnerability in macOS Ventura, Sonoma, and Monterey
CVE-2023-42931
Key Information
- Vendor
- Apple
- Status
- Mac OS
- Vendor
- CVE Published:
- 28 March 2024
Badges
Summary
The vulnerability CVE-2023-42931 affects macOS versions including macOS Monterey, macOS Ventura, and macOS Sonoma. It allows unprivileged users to escalate permissions and gain full root control over the system, affecting internal storage mounted with diskutil. Apple has issued a patch to mitigate the vulnerability. The exploitation of this vulnerability could lead to unauthorized access and control over affected systems, potentially leading to data breaches and system compromise. This flaw has been actively exploited and has significant potential impact, emphasizing the urgency of addressing this vulnerability.
Affected Version(s)
macOS < 13.6
macOS < 12.7
macOS < 14.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CVE-2023-42931 Detection: Critical macOS Vulnerability Enabling Easy Privilege Escalation and Root Access - SOC Prime
Detect CVE-2023-42931 exploitation attempts for critical macOS privilege escalation vulnerability with a Sigma rule in the SOC Prime Platform.
9 months ago
securityonline.infoCVE-2023-42931CVE-2023-42931: macOS Flaw Exposed Systems to Easy Privilege Escalation β Patch Now!
Security researcher Yann Gascuel has detailed a critical privilege escalation vulnerability (CVE-2023-42931) affecting the macOS versions
9 months ago
References
CVSS V3.1
Timeline
Vulnerability published
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by securityonline.info
Vulnerability Reserved