Login Sign Up

CVE-2023-42901

7.8 HIGH
Remote Code Execution Denial of Service

📋 TL;DR

This CVE describes memory corruption vulnerabilities in macOS that could allow arbitrary code execution when processing malicious files. Attackers could exploit these flaws to crash applications or take control of affected systems. All macOS users running vulnerable versions are potentially affected.

💻 Affected Systems

Products:
  • macOS
Versions: Versions prior to macOS Sonoma 14.2
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected macOS versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining root privileges and persistent access to the device.

🟠

Likely Case

Application crashes leading to denial of service, with potential for limited code execution in user context.

🟢

If Mitigated

Application termination without code execution if exploit fails or is blocked by security controls.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious file, but could be delivered via web or email.
🏢 Internal Only: MEDIUM - Similar risk profile internally if users can be tricked into opening malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious file. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.2

Vendor Advisory: https://support.apple.com/en-us/HT214036

Restart Required: Yes

Instructions:

1. Open System Settings. 2. Click General. 3. Click Software Update. 4. Install macOS Sonoma 14.2 or later. 5. Restart when prompted.

🔧 Temporary Workarounds

Restrict file processing

all

Limit file processing to trusted sources and file types

Application sandboxing

all

Run potentially vulnerable applications in sandboxed environments

🧯 If You Can't Patch

  • Implement strict file handling policies to prevent processing of untrusted files
  • Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check macOS version in System Settings > General > About. If version is earlier than 14.2, system is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is 14.2 or later in System Settings > General > About.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes related to file processing
  • Unexpected process creation from file handlers

Network Indicators:

  • File downloads followed by application crashes

SIEM Query:

source="macos" AND (event="application_crash" OR process_name="file_handler")

📊 Metadata

CVE ID: CVE-2023-42901
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: December 12, 2023
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-42901, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)