CVE-2023-42838

Published: Feb 21, 2024Modified: Nov 4, 2025

8.6

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 6.0

Source: NVD

Description

An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

Affected (3)

Products: Apple: Macos

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	From 12.0 to 12.7.2
Apple Macos	From 13.0 to 13.6.3
Apple Macos	Version 14.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (9)

https://support.apple.com/en-us/HT213984

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT214037

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT214038

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213984

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT214037

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT214038

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/kb/HT213984

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214037

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214038

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.