CVE-2023-42905 – This CVE describes memory corruption vulnerabil... (How to Fix)

Q: What is the severity of CVE-2023-42905?

CVE-2023-42905 has a CVSS score of 7.8 (HIGH). This CVE describes memory corruption vulnerabilities in macOS that could allow arbitrary code execution when processing malicious files. Attackers could exploit these to crash applications or take control of affected systems. All macOS users running vulnerable versions are potentially affected.

📋 TL;DR

This CVE describes memory corruption vulnerabilities in macOS that could allow arbitrary code execution when processing malicious files. Attackers could exploit these to crash applications or take control of affected systems. All macOS users running vulnerable versions are potentially affected.

💻 Affected Systems

Products:

macOS

Versions: Versions prior to macOS Sonoma 14.2

Operating Systems: macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected macOS versions are vulnerable

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining root privileges and persistent access

🟠

Likely Case

Application crashes leading to denial of service, with potential for limited code execution in user context

🟢

If Mitigated

Application termination without code execution if exploit fails or is blocked by security controls

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious file, but could be delivered via web or email

🏢 Internal Only: MEDIUM - Similar risk profile internally if users can be tricked into opening malicious files

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious file, but memory corruption vulnerabilities can be reliable once weaponized

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.2

Vendor Advisory: https://support.apple.com/en-us/HT214036

Restart Required: Yes

Instructions:

1. Open System Settings 2. Click General 3. Click Software Update 4. Install macOS Sonoma 14.2 or later 5. Restart when prompted

🔧 Temporary Workarounds

Restrict file processing

all

Use application sandboxing or endpoint protection to restrict processing of untrusted files

🧯 If You Can't Patch

Implement application allowlisting to restrict which applications can process files
Deploy endpoint detection and response (EDR) to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check macOS version in System Settings > General > About

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is 14.2 or later and check Apple security updates are applied

📡 Detection & Monitoring

Log Indicators:

Application crashes with memory access violations
Unexpected process termination logs

Network Indicators:

File downloads from untrusted sources followed by application crashes

SIEM Query:

process:terminated AND (memory_access_violation OR segmentation_fault) AND os:macos

📊 Metadata

CVE ID: CVE-2023-42905

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: December 12, 2023

Last Updated: November 4, 2025

🔗 References

http://seclists.org/fulldisclosure/2023/Dec/9 Mailing List,Third Party Advisory
https://support.apple.com/en-us/HT214036 Release Notes,Vendor Advisory
http://seclists.org/fulldisclosure/2023/Dec/9 Mailing List,Third Party Advisory
https://support.apple.com/en-us/HT214036 Release Notes,Vendor Advisory
https://support.apple.com/kb/HT214036

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-42905, you might also want to check these: