CVE-2023-42924

Published: Dec 12, 2023Modified: Nov 4, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data.

Affected (2)

Products: Apple: Macos

Apple

1 product

Macos

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	From 13.0 to 13.6.3
Apple Macos	From 14.0 to 14.2

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (10)

http://seclists.org/fulldisclosure/2023/Dec/10

Source: product-security@apple.com

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Dec/9

Source: product-security@apple.com

Mailing ListThird Party Advisory

https://support.apple.com/en-us/HT214036

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT214038

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2023/Dec/10