CVE-2023-32383

Published: Jan 10, 2024Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode.

Affected (3)

Products: Apple: Macos

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 11.7.7
Apple Macos	From 12.0.0 to 12.6.6
Apple Macos	From 13.0 to 13.4

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

https://support.apple.com/en-us/HT213758

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213759

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213760

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213758

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213759

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213760

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.