CVE-2023-42847

7.5 HIGH

📋 TL;DR

CVE-2023-42847 allows attackers to bypass authentication mechanisms and access passkeys without proper credentials. It affects macOS, iOS, and iPadOS users who haven't updated to the latest versions. Passkeys are cryptographic credentials used for passwordless authentication, so this could compromise user accounts.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
Versions: Before macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using passkeys for authentication. The vulnerability is in the authentication logic of Apple's operating systems.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of passkey-protected accounts and services, potentially leading to identity theft, financial loss, and unauthorized access to sensitive systems.

🟠 Likely Case

Unauthorized access to specific applications or services using passkeys, potentially exposing personal data or enabling account takeover.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, though authentication bypass remains possible until patched.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability description suggests authentication bypass, making exploitation relatively straightforward if the attack vector is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.1, iOS 17.1, iPadOS 17.1

Vendor Advisory: https://support.apple.com/en-us/HT213982

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences.
2. Navigate to Software Update.
3. Install macOS Sonoma 14.1, iOS 17.1, or iPadOS 17.1.
4. Restart the device after installation.

🔧 Temporary Workarounds

Disable Passkey Authentication

all

Temporarily disable passkey usage and revert to traditional passwords or other MFA methods.

Restrict Physical Access

all

Ensure devices are physically secured to prevent local exploitation.

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable devices
  • Enable enhanced monitoring for unusual authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check the operating system version in Settings > General > About on iOS/iPadOS or Apple menu > About This Mac on macOS.

Check Version:

sw_vers (macOS) or Settings > General > About > Version (iOS/iPadOS)

Verify Fix Applied:

Verify the version is macOS Sonoma 14.1 or later, iOS 17.1 or later, or iPadOS 17.1 or later.
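
The version check above, as an added shell example (not from the original page or from Apple): it compares a version string numerically against the fixed releases listed here, which is useful when auditing an inventory of device versions. The function names `version_ge` and `check_fixed` are hypothetical; iOS/iPadOS versions are assumed to be supplied by hand or from an inventory export.

```shell
#!/bin/sh
# Added example. Fixed releases are the ones this page lists:
# macOS Sonoma 14.1, iOS 17.1, iPadOS 17.1. Function names are hypothetical.

# version_ge A B: exit 0 if dotted version A >= B, 1 if lower, 2 if malformed.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}              # missing component counts as 0
        case "$x$y" in *[!0-9]*) return 2 ;; esac
        # Numeric compare per component, so 17.10 is newer than 17.1
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_fixed PLATFORM VERSION: same exit codes as version_ge.
check_fixed() {
    case "$1" in
        macos)      min=14.1 ;;
        ios|ipados) min=17.1 ;;
        *) echo "unknown platform: $1" >&2; return 2 ;;
    esac
    rc=0
    version_ge "$2" "$min" || rc=$?
    case $rc in
        0) echo "$1 $2: at or above $min, fix present" ;;
        1) echo "$1 $2: below $min, update required" ;;
        *) echo "$1 $2: cannot parse version" >&2 ;;
    esac
    return $rc
}

# On a Mac, check the running system; on other hosts this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    check_fixed macos "$(sw_vers -productVersion)" || true
fi
```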

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication events
  • Multiple failed authentication attempts followed by success
  • Passkey access from unexpected locations/devices

Network Indicators:

  • Authentication requests bypassing normal flow
  • Unencrypted authentication traffic if applicable

SIEM Query:

source="apple_auth_logs" AND (event_type="passkey_access" AND result="success" AND user_agent NOT IN expected_agents)
