CVE-2023-32383

This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/HT213758	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213759	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213760	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

History

No history.

Information

Published : 2024-01-10 22:15

Updated : 2024-01-18 14:46

NVD link : CVE-2023-32383

Mitre link : CVE-2023-32383

CVE.ORG link : CVE-2023-32383

JSON object : View

Products Affected

apple

macos

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-32383", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-01-10T22:15:47.987", "references": [{"url": "https://support.apple.com/en-us/HT213758", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213759", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213760", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode."}, {"lang": "es", "value": "Este problema se solucion\u00f3 forzando un runtime reforzado en los archivos binarios afectados a nivel del sistema. Este problema se solucion\u00f3 en macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Es posible que una aplicaci\u00f3n pueda inyectar c\u00f3digo en archivos binarios confidenciales incluidos con Xcode."}], "lastModified": "2024-01-18T14:46:30.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA5AB1A2-FCA0-4081-804C-687928811E50", "versionEndExcluding": "11.7.7"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "057C3BDA-4822-4256-A016-4B32A05DD3B7", "versionEndExcluding": "12.6.6", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA07361B-D827-471F-9443-4BE4265D6A3B", "versionEndExcluding": "13.4", "versionStartIncluding": "13.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}