CVE-2023-42922: Input Validation
Published Dec 11, 2023
·Updated
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
Wojciech Regula(SecuRing), Mickey Jin@@patch1t, an anonymous researcher, Marc Newlin(SkySafe), Koh M. Nakagawa@@tsunek0h, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, Yann GASCUEL(Alter Solutions), Anthony Cruz Tyrant Corp@@App, Zhenjiang Zhao(Pangu Team), Qianxin, Junsung Lee, Meysam Firouzi@@R00tkitSMM, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), Eloi Benoist-Vanderbeken@@elvanderb(Synacktiv), CVE-2023-42893, CVE-2023-3618, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, Ron Masas(BreakPoint), Csaba Fitzl@@theevilbit(OffSec), Csaba Fitzl@@theevilbit(Offensive Security), Arsenii Kostromin (0x3c3e), Mattie Behrens, Joshua Jewett@@JoshJewett33, Zhongquan Li@@Guluisacat, Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), CVE-2023-5344, Pwn2car, Zoom Offensive Security Team, Nan Wang@@eternalsakura13(360 Vulnerability Research Institute), rushikesh nandedkar, SungKwon Lee (Demon.Team), Noah Roskin-Frazee, Pr, Ivan Fratric(Google Project Zero), (Trend Micro Zero Day Initiative), Don Clarke, Kirin@@Pwnrin, Christopher Reynolds, Aymane Chabat, ARJUN S D, Andrew Goldberg(The McCombs School of Business), The University(Texas at Austin), Jewel Lambert, Yiğit Can YILMAZ@@yilmazcanyigit(Offensive Security), (Offensive Security), Yiğit Can YILMAZ@@yilmazcanyigit, Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Apple
Affected Software
14 affected componentsFixes available
Apple macOS<14.2
14.2
macOS<12.7.2
12.7.2
macOS Ventura<13.6.3
13.6.3
Apple iOS and iPadOS<17.2
17.2
Apple iOS, iPadOS, and macOS<17.2
17.2
Apple iOS and iPadOS<16.7.3
16.7.3
Apple iOS, iPadOS, and macOS<16.7.3
16.7.3
Apple iOS, iPadOS, and macOS<16.7.3
Apple iOS, iPadOS, and macOS>=17.0<17.2
iPhone OS<16.7.3
iPhone OS>=17.0<17.2
macOS>=12.0.0<12.7.2
macOS>=13.0<13.6.3
macOS>=14.0<14.2
Event History
Dec 11, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Dec 12, 2023
CVE Published
via MITRE·12:27 AM
Data Sourced
via MITRE·12:27 AM
DescriptionWeakness
Data Sourced
via NVD·01:15 AM
DescriptionSeverityAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2023-42922?
CVE-2023-42922 has a severity rating that indicates a significant risk due to improper redaction of sensitive information.
2
How do I fix CVE-2023-42922?
To fix CVE-2023-42922, update to macOS Sonoma 14.2, iOS 17.2, iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3, or iPadOS 16.7.3.
3
What products are affected by CVE-2023-42922?
CVE-2023-42922 affects macOS Monterey, macOS Ventura, macOS Sonoma, iOS, and iPadOS versions prior to their respective fixed releases.
4
What types of issues does CVE-2023-42922 address?
CVE-2023-42922 addresses an issue with improved redaction of sensitive information to prevent exposure.
5
Is there a workaround for CVE-2023-42922?
There are no public workarounds provided for CVE-2023-42922; users are recommended to apply the software updates.