CVE-2023-42958 — Vulnetix

CVE-2023-42958 PUBLISHED CVSS 8.600000381469727 HIGH

In Apple macOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten "Accessibility", "AppleEvents", "AppleMobileFileIntegrity", "Associated Domains", "Contacts", "CoreLocation","CoreCapture", "Core Services", "CUPS", "dcerpc", "Dev Tools", "DesktopServices", "GeoServices", "ImageIO", "IOSurface", "IOSurfaceAccelerator", "Kernel, "LaunchServices", "libxpc", "Metal", "Model I/O", "NetworkExtension", "PackageKit", "PDFKit", "Perl", "Photos", "Sandbox", "Screen Saver","Shell", "Security", "Shortcuts", "Siri", "SQLite", "StorageKit", "System Settings", "Telephony", "TV App", "Weather", "WebKit" sowie "Wi-Fi". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.

EPSS 0.10% · 26.9th percentile

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.10%

26.9th percentile

Timeline

May 18, 2023 CVE Published
Jul 30, 2024 EPSS Score
Aug 20, 2024 EPSS Score
Sep 11, 2024 EPSS Score
Oct 2, 2024 EPSS Score
Oct 23, 2024 EPSS Score
Nov 13, 2024 EPSS Score
Dec 6, 2024 EPSS Score
Dec 27, 2024 EPSS Score
Jan 17, 2025 EPSS Score
Feb 7, 2025 EPSS Score
Mar 1, 2025 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1251.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1251 advisory
https://support.apple.com/HT213758 advisory
https://support.apple.com/HT213759 advisory
https://support.apple.com/HT213760 advisory

Open in Interactive Console →