VDB
CVE-2023-42836
CVE-2023-42836
PUBLISHED
CVSS 8.699999809265137 HIGH
Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgemäßer Speicher- oder Cache-Verarbeitung, unsachgemäßer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
EPSS 0.20% · 42.3th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.20%
42.3th percentile
Exploit Intelligence
- https://support.apple.com/kb/HT214038 (circl)
- https://support.apple.com/kb/HT214037 (circl)
- https://support.apple.com/kb/HT213984 (circl)
- https://support.apple.com/kb/HT213982 (circl)
- https://support.apple.com/en-us/HT214038 (circl)
- https://support.apple.com/en-us/HT213984 (circl)
- https://support.apple.com/en-us/HT214037 (circl)
- https://support.apple.com/en-us/HT213982 (circl)
- macos_v1_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
…and 18 more exploits
Timeline
- Oct 25, 2023 CVE Published
- Feb 21, 2024 EPSS Score
- Mar 19, 2024 EPSS Score
- Apr 15, 2024 EPSS Score
- May 11, 2024 EPSS Score
- Jun 8, 2024 EPSS Score
- Jul 5, 2024 EPSS Score
- Aug 1, 2024 EPSS Score
- Aug 28, 2024 EPSS Score
- Sep 24, 2024 EPSS Score
- Oct 20, 2024 EPSS Score
- Nov 16, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2753.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2753 advisory
- https://support.apple.com/en-us/HT213983 advisory
- https://support.apple.com/en-us/HT213984 advisory
- https://support.apple.com/en-us/HT213985 advisory
- https://jhftss.github.io/CVE-2023-42942-xpcroleaccountd-Root-Privilege-Escalation/ advisory