CVE-2023-42884: Input Validation
Published Dec 11, 2023
·Updated
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
an anonymous researcher, Mickey Jin@@patch1t, Marc Newlin(SkySafe), Koh M. Nakagawa@@tsunek0h, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, Yann GASCUEL(Alter Solutions), Anthony Cruz Tyrant Corp@@App, Wojciech Regula(SecuRing), Zhenjiang Zhao(Pangu Team), Qianxin, Junsung Lee, Meysam Firouzi@@R00tkitSMM, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), Eloi Benoist-Vanderbeken@@elvanderb(Synacktiv), CVE-2023-42893, CVE-2023-3618, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, Ron Masas(BreakPoint), Csaba Fitzl@@theevilbit(OffSec), Csaba Fitzl@@theevilbit(Offensive Security), Arsenii Kostromin (0x3c3e), Mattie Behrens, Joshua Jewett@@JoshJewett33, Zhongquan Li@@Guluisacat, Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), CVE-2023-5344, Pwn2car, Zoom Offensive Security Team, Nan Wang@@eternalsakura13(360 Vulnerability Research Institute), rushikesh nandedkar, SungKwon Lee (Demon.Team), Noah Roskin-Frazee, Pr, Ivan Fratric(Google Project Zero), (Trend Micro Zero Day Initiative), Don Clarke, Kirin@@Pwnrin, Christopher Reynolds, Aymane Chabat, ARJUN S D, Andrew Goldberg(The McCombs School of Business), The University(Texas at Austin), Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Jewel Lambert, Yiğit Can YILMAZ@@yilmazcanyigit(Offensive Security), (Offensive Security), Yiğit Can YILMAZ@@yilmazcanyigit, Clément Lecigne(Google's Threat Analysis Group), Apple
Affected Software
14 affected componentsFixes available
Apple macOS<14.2
14.2
tvOS<17.2
17.2
macOS Ventura<13.6.3
13.6.3
Apple iOS and iPadOS<17.2
17.2
Apple iOS, iPadOS, and macOS<17.2
17.2
Apple iOS and iPadOS<16.7.3
16.7.3
Apple iOS, iPadOS, and macOS<16.7.3
16.7.3
Apple iOS, iPadOS, and macOS<16.7.3
Apple iOS, iPadOS, and macOS>=17.0<17.2
iPhone OS<16.7.3
iPhone OS>=17.0<17.2
macOS>=13.0<13.6.3
macOS>=14.0<14.2
tvOS<17.2
Event History
Dec 11, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Dec 12, 2023
CVE Published
via MITRE·12:27 AM
Data Sourced
via MITRE·12:27 AM
DescriptionWeakness
Data Sourced
via NVD·01:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2023-42884?
The severity of CVE-2023-42884 has not been explicitly categorized but involves sensitive information redaction issues.
2
How do I fix CVE-2023-42884?
To fix CVE-2023-42884, update to macOS Sonoma 14.2, macOS Ventura 13.6.3, iOS 17.2, iPadOS 17.2, or tvOS 17.2.
3
Which Apple products are affected by CVE-2023-42884?
CVE-2023-42884 affects macOS Sonoma, macOS Ventura, iOS, iPadOS, and tvOS.
4
Is there a workaround for CVE-2023-42884?
No official workarounds are provided for CVE-2023-42884; the recommended action is to update to the latest versions.
5
When was CVE-2023-42884 discovered?
The exact discovery date of CVE-2023-42884 is not specified, but it has been addressed in updates for macOS and iOS.