CVE-2023-42943
📋 TL;DR
This macOS vulnerability allows applications to access sensitive location information that should be redacted in system logs. It affects macOS users running versions before Sonoma 14, potentially exposing private location data to malicious or poorly-behaved applications.
💻 Affected Systems
- macOS
📦 What is this software?
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →⚠️ Risk & Real-World Impact
Worst Case
A malicious app could continuously monitor and exfiltrate precise location data, enabling stalking, physical security breaches, or targeted attacks based on user movement patterns.
Likely Case
Apps with legitimate permissions could inadvertently access location data from logs, potentially violating user privacy expectations or exposing data through subsequent vulnerabilities.
If Mitigated
With proper app sandboxing and minimal permissions, only apps with location access could potentially exploit this, limiting exposure to already-trusted applications.
🎯 Exploit Status
Exploitation requires an app to be installed and running on the target system. The app needs to access system logs where location data should have been redacted.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Sonoma 14
Vendor Advisory: https://support.apple.com/en-us/HT213940
Restart Required: Yes
Instructions:
1. Open System Settings > General > Software Update. 2. Install macOS Sonoma 14 update. 3. Restart your Mac when prompted.
🔧 Temporary Workarounds
Disable Location Services
allTurn off location services to prevent sensitive location data from being logged
sudo defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd LocationServicesEnabled -bool false
sudo killall locationd
Restrict App Permissions
allReview and remove location permissions from unnecessary applications
🧯 If You Can't Patch
- Implement strict application allowlisting to prevent unauthorized apps from running
- Regularly audit installed applications and remove any with unnecessary permissions
🔍 How to Verify
Check if Vulnerable:
Check macOS version: if running any version before Sonoma 14, the system is vulnerable.Check Version:
sw_versVerify Fix Applied:
Verify macOS version is Sonoma 14 or later and check that location data in system logs appears properly redacted.📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to system logs by applications
- Applications reading log files containing location-related entries
Network Indicators:
- Outbound connections from applications shortly after accessing system logs
SIEM Query:
process_name contains "log" AND (destination_ip != internal_range OR file_path contains ".log")