Login Sign Up

CVE-2023-42947

8.6 HIGH
Path Traversal

📋 TL;DR

This CVE describes a path handling vulnerability in Apple operating systems that allows malicious applications to escape their sandbox restrictions. It affects macOS, iOS, iPadOS, tvOS, and watchOS. Successful exploitation could allow an app to access files and resources outside its intended sandbox.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: Versions before macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2, iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2
Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability is in the operating system's path validation mechanisms.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious app could gain unauthorized access to sensitive system files, user data, or other application data, potentially leading to data theft, privilege escalation, or system compromise.

🟠

Likely Case

Malicious apps from untrusted sources could access user documents, photos, or other personal data that should be protected by sandboxing.

🟢

If Mitigated

With proper app vetting and security controls, the risk is limited to apps that bypass Apple's review process or come from untrusted sources.

🌐 Internet-Facing: LOW - This vulnerability requires local app execution, not direct internet exposure.
🏢 Internal Only: MEDIUM - Malicious apps could be installed internally, but requires user interaction or social engineering.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed. No public exploit code has been disclosed as of the advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2, iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2

Vendor Advisory: https://support.apple.com/en-us/HT214035

Restart Required: Yes

Instructions:

1. Open System Settings (macOS) or Settings (iOS/iPadOS). 2. Navigate to General > Software Update. 3. Install the available update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation Sources

all

Configure devices to only allow app installations from the App Store or trusted developers

For macOS: System Settings > Privacy & Security > Allow apps downloaded from: App Store
For iOS/iPadOS: Settings > General > Device Management > Trust/Untrust developers

🧯 If You Can't Patch

  • Implement application allowlisting to restrict which apps can run on devices
  • Use mobile device management (MDM) to enforce security policies and monitor for suspicious app installations

🔍 How to Verify

Check if Vulnerable:

Check the current OS version against the patched versions listed in the advisory

Check Version:

For macOS: sw_vers -productVersion, For iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify the OS version matches or exceeds the patched versions: macOS Monterey 12.7.2+, macOS Ventura 13.6.3+, iOS 17.2+, iPadOS 17.2+, tvOS 17.2+, watchOS 10.2+, macOS Sonoma 14.2+

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from applications
  • Sandbox violation logs
  • Application crash reports indicating path handling issues

Network Indicators:

  • Unusual outbound connections from applications that shouldn't have network access

SIEM Query:

source="apple_sandbox_logs" AND (event="sandbox_violation" OR event="path_escape_attempt")

📊 Metadata

CVE ID: CVE-2023-42947
CVSS v3 Score: 8.6 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE: CWE-22
Published: March 28, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-42947, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)