CVE-2023-42860

Exploited in the Wild

NIST CVSS Scores

CVSS v3.1 Base Score: 5.5 (Medium)

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA CVSS Scores

CVSS v3.1 Base Score: 7.7 (High)

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Operating Systems Impacted

macOS Monterey (prior to 12.7.1)
macOS Ventura (prior to 13.6.1)
macOS Sonoma (prior to 14.1)

Additional Resources

Description

CVE-2023-42860 is a permissions issue within Apple's PackageKit framework that could allow an application to modify protected parts of the file system. The vulnerability was addressed by Apple through additional restrictions in macOS Monterey 12.7.1, macOS Ventura 13.6.1, and macOS Sonoma 14.1. According to Kandji's analysis, this vulnerability allowed an attacker to swap the installer package after the system verified its code signature. The system would then install the supplied package instead of the original, enabling the attacker to bypass System Integrity Protection (SIP).

Impact

Exploitation of this vulnerability could lead to unauthorized modification of protected file system areas by an application. The severity of this issue has been assessed as follows:

How Apple Mitigates Vulnerabilities in Installer Scripts

The scripts that macOS uses to install new apps have known vulnerabilities. Fortunately, Apple has come up with a clever solution to mitigate them.

Stay up to date

Iru's bi-weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.

Description

Impact

How Apple Mitigates Vulnerabilities in Installer Scripts

CVE-2023-23533

CVE-2024-27883

CVE-2024-44175

Stay up to date