CVE-2023-32364: Race Condition
Published Jul 24, 2023
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.
Credit
Gergely Kalman (@gergely_kalman), pattern-f (@pattern_F_) (Ant Security Light), Mohamed GHANNAM (@_simo36), Mickey Jin (@patch1t), Wojciech Regula (SecuRing), Erhad Husovic, Sei K., CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, Kirin (@Pwnrin) (SecuRing), (SecuRing), Bool (YunShangHuaAn), found by OSS-Fuzz, Arsenii Kostromin (0x3c3e), Zweig (Kunlun Lab), 香农的三蹦子 (Pangu Lab), an anonymous researcher, Pan ZhenPeng (@Peterpan0927) (STAR Labs SG Pte), Peter Nguyễn Vũ Hoàng (@peternguyen14) (STAR Labs SG Pte), Certik Skyfall Team, Kaitao Xie (Alibaba Group), Xiaolong Bai (Alibaba Group), Valentin Pashkov (Kaspersky), Mikhail Vinogradov (Kaspersky), Georgy Kucherin (@kucher1n) (Kaspersky), Leonid Bezvershenko (@bzvr_) (Kaspersky), (Kaspersky), Boris Larin (@oct0xor) (Kaspersky), Zhipeng Huo (@R3dF09) (Tencent Security Xuanwu Lab), Noah Roskin-Frazee, Taavi Eomäe (Zone Media O), Mickey Jin (@patch1t) (Trend Micro Zero Day Initiative), (Trend Micro Zero Day Initiative), Michael DePlante (@izobashi) (Trend Micro Zero Day Initiative), CVE-2023-1916, Jonathan Bar Or (Microsoft), Emanuele Cozzi (Microsoft), (Microsoft), Michael Pearse (Microsoft), Csaba Fitzl (@theevilbit) (Offensive Security), Sandipan Roy, James Duffy (mangoSecure), Michael Cowell, David Hoyt (Hoyt LLC), Wenchao Li (Hangzhou Orange Shield Information Technology Co), Xiaolong Bai (Hangzhou Orange Shield Information Technology Co), Ltd., CVE-2023-1801, Matthew Loewen, CVE-2023-2426, CVE-2023-2609, CVE-2023-2610, Yiğit Can YILMAZ (@yilmazcanyigit), Pr, Kirin (@Pwnrin), Yishu Wang, Adam M., Johan Carlsson (joaxcar), Narendra Bhati (twitter.com/imnarendrabhati) (Suma Soft Pvt), Pune - India, Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel Genkin, Yuval Yarom, Pune - India (TU Wien), Valentino Dalla Valle (TU Wien), Pedro Bernardo (TU Wien), Marco Squarcina (TU Wien), (TU Wien), Lorenzo Veronese (TU Wien), Yuhao Hu, Jiming Wang, Jikai Ren, Anonymous (Trend Micro Zero Day Initiative), Francisco Alonso (@revskills), Junsung Lee, Apple, 이준성 (Junsung Lee) (Cross Republic), YeongHyeon Choi (@hyeon101010), ABC Research s.r.o.
Affected Software
6 affected components. Fixes available.
Apple macOS Big Sur < 11.7.9 (fixed in 11.7.9)
macOS < 12.6.8 (fixed in 12.6.8)
macOS Ventura < 13.5 (fixed in 13.5)
macOS >= 11.0, < 11.7.9
macOS >= 12.0.0, < 12.6.8
macOS >= 13.0, < 13.5
Event History
Jul 24, 2023
Data Sourced via Apple, 12:00 AM: Description, Weakness, Affected Software
Updated via Apple, 12:00 AM: Description, Weakness
Jul 27, 2023
CVE Published via MITRE, 12:22 AM
Data Sourced via MITRE, 12:22 AM: Description, Weakness
Frequently Asked Questions
1. What is CVE-2023-32364?
CVE-2023-32364 is a logic issue in AppSandbox on macOS.
2. What is the severity of CVE-2023-32364?
The severity of CVE-2023-32364 is high, with a CVSS score of 8.6.
3. Which software versions are affected by CVE-2023-32364?
CVE-2023-32364 affects macOS versions from 11.0 up to, but not including, 11.7.9; from 12.0.0 up to, but not including, 12.6.8; and from 13.0 up to, but not including, 13.5. The upper bound of each range is the release that contains the fix.
4. How can I fix CVE-2023-32364?
To fix CVE-2023-32364, update to macOS Ventura 13.5 or later.
5. Where can I find more information about CVE-2023-32364?
You can find more information about CVE-2023-32364 on the Apple support page: [https://support.apple.com/en-us/HT213843](https://support.apple.com/en-us/HT213843)