CVE-2023-42896: Input Validation
Published Dec 11, 2023
·Updated
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
Mickey Jin@@patch1t, an anonymous researcher, Marc Newlin(SkySafe), Koh M. Nakagawa@@tsunek0h, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, Yann GASCUEL(Alter Solutions), Anthony Cruz Tyrant Corp@@App, Wojciech Regula(SecuRing), Zhenjiang Zhao(Pangu Team), Qianxin, Junsung Lee, Meysam Firouzi@@R00tkitSMM, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), Eloi Benoist-Vanderbeken@@elvanderb(Synacktiv), CVE-2023-42893, CVE-2023-3618, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, Ron Masas(BreakPoint), Csaba Fitzl@@theevilbit(OffSec), Csaba Fitzl@@theevilbit(Offensive Security), Arsenii Kostromin (0x3c3e), Mattie Behrens, Joshua Jewett@@JoshJewett33, Zhongquan Li@@Guluisacat, Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), CVE-2023-5344, Pwn2car, Zoom Offensive Security Team, Nan Wang@@eternalsakura13(360 Vulnerability Research Institute), rushikesh nandedkar, SungKwon Lee (Demon.Team), Noah Roskin-Frazee, Pr, Ivan Fratric(Google Project Zero), (Trend Micro Zero Day Initiative), Don Clarke, Kirin@@Pwnrin, Christopher Reynolds, Aymane Chabat, ARJUN S D, Andrew Goldberg(The McCombs School of Business), The University(Texas at Austin), Jewel Lambert, Yiğit Can YILMAZ@@yilmazcanyigit(Offensive Security), (Offensive Security), Yiğit Can YILMAZ@@yilmazcanyigit, Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Apple
Affected Software
14 affected componentsFixes available
Apple macOS<14.2
14.2
macOS<12.7.2
12.7.2
macOS Ventura<13.6.3
13.6.3
Apple iOS and iPadOS<17.2
17.2
Apple iOS, iPadOS, and macOS<17.2
17.2
Apple iOS and iPadOS<16.7.3
16.7.3
Apple iOS, iPadOS, and macOS<16.7.3
16.7.3
Apple iOS, iPadOS, and macOS<16.7.3
Apple iOS, iPadOS, and macOS>=17.0<17.2
iPhone OS<16.7.3
iPhone OS>=17.0<17.2
macOS>=12.0<12.7.2
macOS>=13.0<13.6.3
macOS>=14.0<14.2
Event History
Dec 11, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Mar 28, 2024
CVE Published
via MITRE·03:39 PM
Data Sourced
via MITRE·03:39 PM
DescriptionWeakness
Data Sourced
via NVD·04:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2023-42896?
CVE-2023-42896 has been classified as a medium severity vulnerability.
2
How do I fix CVE-2023-42896?
To fix CVE-2023-42896, update to the latest versions of macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.2, iOS 17.2, or iPadOS 17.2.
3
Which products are affected by CVE-2023-42896?
CVE-2023-42896 affects macOS Monterey, macOS Ventura, macOS Sonoma, iOS, and iPadOS prior to the specified versions.
4
What kind of vulnerability is CVE-2023-42896?
CVE-2023-42896 is related to the handling of temporary files, potentially allowing an app to modify protected parts of the file system.
5
When was CVE-2023-42896 disclosed?
CVE-2023-42896 was disclosed as part of Apple’s security updates in late 2023.