CVE-2023-40436 – This is a macOS kernel vulnerability where impr... (How to Fix)

Q: What is the severity of CVE-2023-40436?

CVE-2023-40436 has a CVSS score of 9.1 (CRITICAL). This is a macOS kernel vulnerability where improper bounds checking allows attackers to read kernel memory or cause system crashes. It affects macOS systems before Sonoma 14. Attackers could potentially gain elevated privileges or cause denial of service.

📋 TL;DR

This is a macOS kernel vulnerability where improper bounds checking allows attackers to read kernel memory or cause system crashes. It affects macOS systems before Sonoma 14. Attackers could potentially gain elevated privileges or cause denial of service.

💻 Affected Systems

Products:

macOS

Versions: Versions before macOS Sonoma 14

Operating Systems: macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All macOS systems before Sonoma 14 are vulnerable by default

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory disclosure leading to privilege escalation, system compromise, or complete system crash requiring reboot

🟠

Likely Case

System instability, crashes, or limited information disclosure

🟢

If Mitigated

No impact if patched; limited impact if system is isolated with strong access controls

🌐 Internet-Facing: MEDIUM - Requires local access or successful initial compromise to exploit

🏢 Internal Only: HIGH - Local attackers or malware could exploit this for privilege escalation

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access; exploitation details not publicly available in references

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14

Vendor Advisory: https://support.apple.com/en-us/HT213940

Restart Required: Yes

Instructions:

1. Open System Settings 2. Click General 3. Click Software Update 4. Install macOS Sonoma 14 or later 5. Restart when prompted

🧯 If You Can't Patch

Restrict local user access to essential personnel only
Implement application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check macOS version: if earlier than Sonoma 14, system is vulnerable

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is Sonoma 14 or later

📡 Detection & Monitoring

Log Indicators:

Kernel panics
Unexpected system reboots
Console logs showing memory access violations

Network Indicators:

No specific network indicators - local exploitation

SIEM Query:

source="macOS" AND (event="kernel_panic" OR event="system_reboot")

📊 Metadata

CVE ID: CVE-2023-40436

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-125

Published: September 27, 2023

Last Updated: November 4, 2025

🔗 References

http://seclists.org/fulldisclosure/2023/Oct/3 Mailing List,Third Party Advisory
https://support.apple.com/en-us/HT213940 Release Notes,Vendor Advisory
http://seclists.org/fulldisclosure/2023/Oct/3 Mailing List,Third Party Advisory
https://support.apple.com/en-us/HT213940 Release Notes,Vendor Advisory
https://support.apple.com/kb/HT213940

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-40436, you might also want to check these: