CVE-2023-28179

7.1 HIGH

📋 TL;DR

Processing a maliciously crafted AppleScript binary on macOS may result in unexpected app termination or disclosure of process memory. It affects macOS systems running versions before Ventura 13.3. Attackers could exploit this to crash applications or leak sensitive memory contents.

💻 Affected Systems

Products:
  • macOS
Versions: before macOS Ventura 13.3
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with AppleScript enabled (default configuration).

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Memory disclosure could expose sensitive information like passwords, encryption keys, or other process data to attackers, potentially leading to further system compromise.

🟠 Likely Case

Application crashes causing denial of service, with possible memory disclosure revealing some process information.

🟢 If Mitigated

Limited impact with proper patch management and restricted AppleScript execution.

🌐 Internet-Facing: LOW - Requires local execution of malicious AppleScript binaries, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Malicious AppleScript binaries could be executed locally by users or through social engineering attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to execute malicious AppleScript binary. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.3

Vendor Advisory: https://support.apple.com/en-us/HT213670

Restart Required: Yes

Instructions:

1. Open System Settings
2. Click General
3. Click Software Update
4. Install macOS Ventura 13.3 or later
5. Restart when prompted

🔧 Temporary Workarounds

Disable AppleScript execution

Prevent execution of AppleScript binaries through system policies

sudo defaults write /Library/Preferences/com.apple.AppleScript.plist AppleScriptEnabled -bool false

🧯 If You Can't Patch

  • Restrict AppleScript execution through application control policies
  • Implement user awareness training about executing untrusted AppleScript files

🔍 How to Verify

Check if Vulnerable:

Check macOS version: if running macOS Ventura and version is less than 13.3, system is vulnerable.

Check Version:

sw_vers -productVersion

Verify Fix Applied:

Verify macOS version is 13.3 or higher after update.
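
The version check above can be scripted for a fleet. This is an added example, not from Apple's advisory or this page's source; the function names, the "hostname version" inventory format and the "pre-ventura" label are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify macOS product versions against the 13.3 fix
# named on this page. Function names and labels are hypothetical.

# classify_version VERSION -> fixed | vulnerable | pre-ventura | unknown
classify_version() {
    ver=$1
    # Accept only dotted numeric versions such as 13, 13.2 or 13.2.1.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    # A bare major version ("13") has no minor component; treat it as .0.
    if [ "$rest" = "$ver" ]; then minor=0; else minor=${rest%%.*}; fi
    if [ "$major" -lt 13 ]; then
        # Assumption: releases older than Ventura are reported separately,
        # since the page names only Ventura 13.3 as the patched version.
        echo pre-ventura
    elif [ "$major" -gt 13 ] || [ "$minor" -ge 3 ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# audit_inventory: read "hostname version" lines on stdin, print
# "hostname version status", return 1 if any host is not "fixed".
audit_inventory() {
    rc=0
    while read -r host ver; do
        [ -n "$host" ] || continue
        status=$(classify_version "$ver")
        printf '%s %s %s\n' "$host" "${ver:-?}" "$status"
        [ "$status" = fixed ] || rc=1
    done
    return $rc
}

# Constructed sample inventory (not real hosts).
printf 'mac-a 13.3.1\nmac-b 13.2.1\nmac-c 12.6.3\n' | audit_inventory || true

# On a Mac, classify the local system as well.
if command -v sw_vers >/dev/null 2>&1; then
    classify_version "$(sw_vers -productVersion)"
fi
```

Comparing major and minor numerically matters here: a plain string comparison would rank 13.10 below 13.3.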

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes related to AppleScript execution
  • AppleScript process memory access errors

Network Indicators:

  • No direct network indicators - local exploitation only

SIEM Query:

process_name:osascript AND (event_type:crash OR memory_access_violation)
