CVE-2023-42838: Race Condition

Published Oct 25, 2023
·
Updated

Accounts. A privacy issue was addressed with improved private data redaction for log entries.

Other sources

An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

MITRE

AppleEvents. This issue was addressed with improved redaction of sensitive information.

Apple

Archive Utility. A logic issue was addressed with improved checks.

Apple

Assets. An issue was addressed with improved handling of temporary files.

Apple

Automation. The issue was addressed with improved checks.

Apple

Credit

Yiğit Can YILMAZ@@yilmazcanyigit(Offensive Security), Csaba Fitzl@@theevilbit(Offensive Security), (Offensive Security), Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), Eloi Benoist-Vanderbeken@@elvanderb(Synacktiv), CVE-2023-42893, CVE-2023-3618, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, Yiğit Can YILMAZ@@yilmazcanyigit, Csaba Fitzl@@theevilbit(OffSec), Arsenii Kostromin (0x3c3e), Zhongquan Li@@Guluisacat, Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), CVE-2023-5344, Koh M. Nakagawa@@tsunek0h, Yann GASCUEL(Alter Solutions), Jewel Lambert, Anthony Cruz Tyrant Corp@@App, Wojciech Regula(SecuRing), Meysam Firouzi@@R00tkitSMM, Junsung Lee, an anonymous researcher, Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Mickey Jin@@patch1t, Kirin@@Pwnrin, Noah Roskin-Frazee, Pr

Affected Software

6 affected componentsFixes available
Apple macOS<14.1
14.1
macOS<12.7.2
12.7.2
macOS Ventura<13.6.3
13.6.3
macOS>=12.0<12.7.2
macOS>=13.0<13.6.3
macOS=14.0

Event History

Dec 11, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Feb 21, 2024
CVE Published
via MITRE·06:41 AM
Data Sourced
via MITRE·06:41 AM
DescriptionWeakness
Data Sourced
via NVD·07:15 AM
DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-42838?

CVE-2023-42838 is classified as a significant security issue due to its potential for arbitrary code execution.

2

How do I fix CVE-2023-42838?

To fix CVE-2023-42838, update your macOS to version 12.7.2, 13.6.3, or 14.1, depending on which version you are using.

3

Which macOS versions are affected by CVE-2023-42838?

CVE-2023-42838 affects macOS versions from 12.0 up to 12.7.2, 13.0 up to 13.6.3, and specifically version 14.0.

4

What type of vulnerability is CVE-2023-42838?

CVE-2023-42838 is an access control vulnerability that allows applications to potentially execute arbitrary code outside of their designated sandbox.

5

Is there a workaround for CVE-2023-42838?

There are no official workarounds for CVE-2023-42838; the only mitigation is to update to the fixed versions of macOS.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203