CVE-2023-42873

7.8 HIGH

📋 TL;DR

This is a kernel privilege escalation vulnerability in Apple operating systems where an application can bypass bounds checks to execute arbitrary code with kernel privileges. It affects macOS, iOS, iPadOS, and tvOS. Attackers could gain complete control over affected devices.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
Versions: Prior to macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2, iPadOS 16.7.2, iOS 17.1, iPadOS 17.1, macOS Ventura 13.6.1
Operating Systems: macOS, iOS, iPadOS, tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability requires local access or malicious app installation.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level access, allowing installation of persistent malware, data theft, and disabling of security controls.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to sensitive data and system resources.

🟢

If Mitigated

Limited impact if systems are fully patched and have proper application sandboxing and security controls.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or tricking a user into installing a malicious application. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1

Vendor Advisory: https://support.apple.com/en-us/HT213981

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update.
2. Install available updates.
3. Restart the device when prompted.

🔧 Temporary Workarounds

Application Restriction

macOS

Restrict installation of untrusted applications to reduce attack surface.

sudo spctl --master-enable
sudo spctl --enable --label "Developer ID"

🧯 If You Can't Patch

  • Implement strict application control policies to prevent installation of untrusted software.
  • Isolate vulnerable systems from critical network segments and monitor for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check current OS version against patched versions listed in Apple advisories.

Check Version:

  • macOS: sw_vers -productVersion
  • iOS/iPadOS: Settings > General > About > Version
  • tvOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions: macOS Sonoma 14.1+, tvOS 17.1+, macOS Monterey 12.7.1+, iOS 16.7.2+, iPadOS 16.7.2+, iOS 17.1+, iPadOS 17.1+, macOS Ventura 13.6.1+.
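The macOS part of the check above, as an added example (not from the advisory): it maps the reported product version to the fixed release for its major line (Monterey 12.7.1, Ventura 13.6.1, Sonoma 14.1, as listed on this page) and compares component by component, so that a 14.0 or 13.5 install is not mistaken for patched by a plain string comparison. Major versions the page does not list are reported as unknown rather than guessed; iOS, iPadOS and tvOS are still checked through Settings.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a macOS version against the
# fixed releases for CVE-2023-42873 listed on this page.

# version_ge A B: returns 0 if dotted version A >= B, 1 otherwise.
# Missing trailing components count as 0, so 14.1 == 14.1.0.
version_ge() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    [ "$ai" = "$a" ] && a="" || a="${a#*.}"
    [ "$bi" = "$b" ] && b="" || b="${b#*.}"
    ai="${ai:-0}"; bi="${bi:-0}"
    if [ "$ai" -gt "$bi" ]; then return 0; fi
    if [ "$ai" -lt "$bi" ]; then return 1; fi
  done
  return 0
}

# Minimum fixed version for the major line of the given version; empty if the
# page lists no fix for that line.
fixed_version_for() {
  case "${1%%.*}" in
    12) echo 12.7.1 ;;   # macOS Monterey
    13) echo 13.6.1 ;;   # macOS Ventura
    14) echo 14.1 ;;     # macOS Sonoma
    *)  echo "" ;;
  esac
}

# macos_status VERSION: prints "patched", "vulnerable" or "unknown".
macos_status() {
  fixed=$(fixed_version_for "$1")
  if [ -z "$fixed" ]; then echo unknown; return; fi
  if version_ge "$1" "$fixed"; then echo patched; else echo vulnerable; fi
}

# When run on a Mac, report the status of the running system.
if command -v sw_vers >/dev/null 2>&1; then
  macos_status "$(sw_vers -productVersion)"
fi
```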

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected privilege escalation events
  • Suspicious application installation

Network Indicators:

  • Unusual outbound connections from Apple devices
  • C2 communication patterns

SIEM Query:

source="apple_system_logs" AND (event="kernel_panic" OR event="privilege_escalation")
