CVE-2023-42901: Input Validation
Published Dec 11, 2023
·Updated
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
Ivan Fratric(Google Project Zero), (Trend Micro Zero Day Initiative), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Noah Roskin-Frazee, Pr, Mickey Jin@@patch1t, an anonymous researcher, Marc Newlin(SkySafe), Koh M. Nakagawa@@tsunek0h, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, Yann GASCUEL(Alter Solutions), Anthony Cruz Tyrant Corp@@App, Wojciech Regula(SecuRing), Zhenjiang Zhao(Pangu Team), Qianxin, Junsung Lee, Meysam Firouzi@@R00tkitSMM, Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), Eloi Benoist-Vanderbeken@@elvanderb(Synacktiv), CVE-2023-42893, CVE-2023-3618, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, Ron Masas(BreakPoint), Csaba Fitzl@@theevilbit(OffSec), Csaba Fitzl@@theevilbit(Offensive Security), Arsenii Kostromin (0x3c3e), Mattie Behrens, Joshua Jewett@@JoshJewett33, Zhongquan Li@@Guluisacat, Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), CVE-2023-5344, Pwn2car, Zoom Offensive Security Team, Nan Wang@@eternalsakura13(360 Vulnerability Research Institute), rushikesh nandedkar, SungKwon Lee (Demon.Team), Don Clarke, Kirin@@Pwnrin, Apple
Affected Software
2 affected componentsFixes available
Apple macOS<14.2
14.2
macOS>=14.0<14.2
Event History
Dec 11, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Dec 12, 2023
CVE Published
via MITRE·12:27 AM
Data Sourced
via MITRE·12:27 AM
DescriptionWeakness
Data Sourced
via NVD·01:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2023-42901?
CVE-2023-42901 has been rated as a significant security vulnerability due to multiple memory corruption issues that can lead to unexpected application termination.
2
How do I fix CVE-2023-42901?
To mitigate CVE-2023-42901, users should update to macOS Sonoma version 14.2 or later.
3
What devices are affected by CVE-2023-42901?
CVE-2023-42901 affects Apple macOS versions from 14.0 up to, but not including, 14.2.
4
What type of issues does CVE-2023-42901 involve?
CVE-2023-42901 involves multiple memory corruption issues that result from improper input validation.
5
Can CVE-2023-42901 be exploited remotely?
Exploitation of CVE-2023-42901 would typically require processing a maliciously crafted file, indicating a potential local threat.