CVE-2023-36854

7.8 HIGH

📋 TL;DR

Processing a maliciously crafted file on an affected macOS version can cause unexpected application termination or arbitrary code execution. It affects users of macOS Big Sur, Monterey, and Ventura who open untrusted files. An attacker who gets a victim to open such a file could crash applications or run code on the vulnerable system.

💻 Affected Systems

Products:
  • macOS
Versions: macOS Big Sur 11.0-11.7.8, macOS Monterey 12.0-12.6.7, macOS Ventura 13.0-13.4
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected macOS versions are vulnerable when processing files.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crashes or denial of service from malicious files, potentially leading to limited code execution.

🟢 If Mitigated: No impact if systems are patched or proper file handling controls prevent malicious file processing.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but could be delivered via email or web downloads.
🏢 Internal Only: MEDIUM - Internal users could inadvertently process malicious files from untrusted sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to process malicious files. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5

Vendor Advisory: https://support.apple.com/en-us/HT213843

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update.
2. Install available updates.
3. Restart when prompted.

🔧 Temporary Workarounds

Restrict file processing (applies to: all affected versions)

Limit file processing to trusted sources and avoid opening files from unknown origins.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of untrusted applications
  • Use endpoint protection with file scanning capabilities

🔍 How to Verify

Check if Vulnerable:

Check macOS version via 'sw_vers' command or System Settings > General > About

Check Version:

sw_vers

Verify Fix Applied:

Verify that the macOS version is 11.7.9 or later (Big Sur), 12.6.8 or later (Monterey), or 13.5 or later (Ventura).
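An added helper, not part of this advisory, that classifies a `sw_vers` product version string against the fixed releases listed above. The function name and the "unknown" result for major versions the advisory does not cover are my own choices.

```shell
#!/bin/sh
# Added example: compare a macOS productVersion against the CVE-2023-36854
# fixed releases from the advisory: Big Sur 11.7.9, Monterey 12.6.8, Ventura 13.5.
# Usage: cve_2023_36854_status <major[.minor[.patch]]>
# Prints "patched", "vulnerable", or "unknown" (major line not covered here).
cve_2023_36854_status() {
    ver="$1"
    # -s makes cut print nothing for fields that are absent (e.g. "13.5" has no patch)
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -s -d. -f2)
    patch=$(printf '%s' "$ver" | cut -s -d. -f3)
    [ -n "$minor" ] || minor=0
    [ -n "$patch" ] || patch=0

    # Reject anything that is not purely numeric before doing integer compares
    case "$major$minor$patch" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    # Fixed minor/patch per major line, taken from the advisory's Patch Version field
    case "$major" in
        11) fix_minor=7; fix_patch=9 ;;
        12) fix_minor=6; fix_patch=8 ;;
        13) fix_minor=5; fix_patch=0 ;;
        *)  echo unknown; return 0 ;;
    esac

    if [ "$minor" -gt "$fix_minor" ] || { [ "$minor" -eq "$fix_minor" ] && [ "$patch" -ge "$fix_patch" ]; }; then
        echo patched
    else
        echo vulnerable
    fi
}

# On a Mac, check the running system (sw_vers is the macOS version tool):
# cve_2023_36854_status "$(sw_vers -productVersion)"
```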

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes, suspicious file processing events

Network Indicators:

  • Downloads of suspicious file types followed by application crashes

SIEM Query:

source="macos" AND (event="app_crash" OR event="file_open") AND file_extension IN (suspicious_extensions)
