PT-2023-2894 · Apple · Macos Big Sur+4
Thijs Alkemade
+1
·
Published
2023-05-18
·
Updated
2024-12-05
·
CVE-2023-32405
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
macOS Big Sur versions 11.7.7 and earlier
macOS Monterey versions 12.6.6 and earlier
macOS Ventura versions 13.4 and earlier
Description
A logic issue was addressed with improved checks, which may allow an app to gain root privileges. The issue is related to insecure privilege management in the libxpc library of MacOS operating systems, potentially allowing an attacker to execute arbitrary code with root privileges.
Recommendations
For macOS Big Sur versions 11.7.7 and earlier, update to macOS Big Sur 11.7.7 or later.
For macOS Monterey versions 12.6.6 and earlier, update to macOS Monterey 12.6.6 or later.
For macOS Ventura versions 13.4 and earlier, update to macOS Ventura 13.4 or later.
Fix
Incorrect Default Permissions
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apple Macos
Libxpc
Macos Big Sur
Macos Monterey
Macos Ventura