PT-2023-2894 · Apple · Macos Big Sur+4

Thijs Alkemade

Publicado

2023-05-18

Atualizado

2024-12-05

CVE-2023-32405

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions macOS Big Sur versions 11.7.7 and earlier macOS Monterey versions 12.6.6 and earlier macOS Ventura versions 13.4 and earlier

Description A logic issue was addressed with improved checks, which may allow an app to gain root privileges. The issue is related to insecure privilege management in the libxpc library of MacOS operating systems, potentially allowing an attacker to execute arbitrary code with root privileges.

Recommendations For macOS Big Sur versions 11.7.7 and earlier, update to macOS Big Sur 11.7.7 or later. For macOS Monterey versions 12.6.6 and earlier, update to macOS Monterey 12.6.6 or later. For macOS Ventura versions 13.4 and earlier, update to macOS Ventura 13.4 or later.

Correção

Incorrect Default Permissions

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276CWE-269

Identificadores relacionados

BDU:2023-02849

CVE-2023-32405

Produtos afetados

Apple Macos

Libxpc

Macos Big Sur

Macos Monterey

Macos Ventura

PT-2023-2894 · Apple · Macos Big Sur+4

CVE-2023-32405

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9