CVE-2023-42914: Input Validation
Published Dec 11, 2023
·Updated
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
Eloi Benoist-Vanderbeken@@elvanderb(Synacktiv), Mickey Jin@@patch1t, an anonymous researcher, Marc Newlin(SkySafe), Koh M. Nakagawa@@tsunek0h, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, Yann GASCUEL(Alter Solutions), Anthony Cruz Tyrant Corp@@App, Wojciech Regula(SecuRing), Zhenjiang Zhao(Pangu Team), Qianxin, Junsung Lee, Meysam Firouzi@@R00tkitSMM, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), CVE-2023-42893, CVE-2023-3618, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, Ron Masas(BreakPoint), Csaba Fitzl@@theevilbit(OffSec), Csaba Fitzl@@theevilbit(Offensive Security), Arsenii Kostromin (0x3c3e), Mattie Behrens, Joshua Jewett@@JoshJewett33, Zhongquan Li@@Guluisacat, Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), CVE-2023-5344, Pwn2car, Zoom Offensive Security Team, Nan Wang@@eternalsakura13(360 Vulnerability Research Institute), rushikesh nandedkar, SungKwon Lee (Demon.Team), Noah Roskin-Frazee, Pr, Ivan Fratric(Google Project Zero), (Trend Micro Zero Day Initiative), Don Clarke, Kirin@@Pwnrin, Clément Lecigne(Google's Threat Analysis Group), rushikesh nandedka, Christopher Reynolds, Aymane Chabat, ARJUN S D, Andrew Goldberg(The McCombs School of Business), The University(Texas at Austin), Yiğit Can YILMAZ@@yilmazcanyigit(Offensive Security), (Offensive Security), Yiğit Can YILMAZ@@yilmazcanyigit, Jewel Lambert, Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Apple
Affected Software
18 affected componentsFixes available
Apple macOS Sonoma<14.2
14.2
Apple tvOS<17.2
17.2
Apple WatchOS<10.2
10.2
Apple macOS Monterey<12.7.2
12.7.2
Apple macOS Ventura<13.6.3
13.6.3
Apple iOS<17.2
17.2
Apple iPadOS<17.2
17.2
Apple iOS<16.7.3
16.7.3
Apple iPadOS<16.7.3
16.7.3
Apple iPadOS<16.7.3
Apple iPadOS>=17.0<17.2
Apple iPhone OS<16.7.3
Apple iPhone OS>=17.0<17.2
Apple macOS>=12.0.0<12.7.2
Apple macOS>=13.0<13.6.3
Apple macOS>=14.0<14.2
Apple tvOS<17.2
Apple WatchOS<10.2
Event History
Dec 11, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
Dec 12, 2023
CVE Published
via MITRE·12:27 AM
Data Sourced
via MITRE·12:27 AM
DescriptionWeakness
Data Sourced
via NVD·01:15 AM
DescriptionSeverityAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2023-42914?
CVE-2023-42914 is categorized with high severity due to potential memory handling issues in the kernel.
2
How do I fix CVE-2023-42914?
To address CVE-2023-42914, update to the latest versions of affected Apple products, including iOS 17.2 and macOS Sonma 14.2.
3
Which Apple products are affected by CVE-2023-42914?
CVE-2023-42914 affects multiple Apple products including iOS, iPadOS, macOS Monterey, macOS Ventura, macOS Sonoma, watchOS, and tvOS.
4
What versions of iOS are vulnerable to CVE-2023-42914?
iOS versions prior to 17.2, including iOS 16.7.3, are vulnerable to CVE-2023-42914.
5
Is there a workaround for CVE-2023-42914?
There are no known workarounds for CVE-2023-42914; the best approach is to apply the latest software updates.