CVE-2023-42829
Description
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2023-42829: A macOS privacy issue allowed an app to read SSH passphrases; patched in macOS Big Sur 11.7.9, Monterey 12.6.8, and Ventura 13.5.
Vulnerability
CVE-2023-42829 is a privacy issue in macOS that may permit an app to access SSH passphrases. The flaw exists in the operating system's handling of app states, where insufficient restrictions on the observability of these states could leak sensitive credentials. The issue affects macOS Ventura before 13.5, macOS Monterey before 12.6.8, and macOS Big Sur before 11.7.9 [1][2][3].
Exploitation
An attacker would need to have a malicious or compromised app installed on the target system. No specific authentication or elevated privileges beyond standard app capabilities are required to exploit this vulnerability. The app can directly observe app states, which include SSH passphrases, without any additional user interaction beyond normal app operation.
Impact
A successful exploit allows the malicious app to access SSH passphrases, leading to potential disclosure of credentials. This could enable the attacker to impersonate the user for SSH connections, gaining unauthorized access to remote systems and data. The impact is primarily on confidentiality, with possible cascading effects on integrity and availability if the passphrases are used for further attacks.
Mitigation
Apple addressed the issue with additional restrictions on the observability of app states. The vulnerability is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, and macOS Ventura 13.5, all released on July 24, 2023 [1][2][3]. Users are strongly advised to update to the latest available versions. There are no known workarounds; applying the security updates is the only mitigation.
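A way to check a host against the fixed releases listed above, as an added example that is not part of the original entry or Apple's tooling. The function names are hypothetical; `sw_vers -productVersion` is the standard macOS command for the installed version, and release lines other than 11, 12 and 13 are reported as not listed because this page gives no fixed version for them.

```sh
#!/bin/sh
# Added example: classify a macOS version against the fixed releases named on
# this page for CVE-2023-42829 (11.7.9, 12.6.8, 13.5). Names are hypothetical.

# version_ge A B: succeed when dotted version A >= B (missing fields count as 0).
version_ge() {
    a_rest=$1
    b_rest=$2
    i=0
    while [ "$i" -lt 3 ]; do
        a_f=${a_rest%%.*}
        b_f=${b_rest%%.*}
        case $a_rest in *.*) a_rest=${a_rest#*.} ;; *) a_rest=0 ;; esac
        case $b_rest in *.*) b_rest=${b_rest#*.} ;; *) b_rest=0 ;; esac
        if [ "$a_f" -gt "$b_f" ]; then return 0; fi
        if [ "$a_f" -lt "$b_f" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Prints: patched | needs-update <fixed version> | not-listed | invalid
cve_2023_42829_status() {
    v=$1
    # Reject anything that is not a plain dotted number (e.g. "13..5", "13.5b").
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 2 ;;
    esac
    # Each major release line has its own fixed version.
    case ${v%%.*} in
        11) fixed=11.7.9 ;;
        12) fixed=12.6.8 ;;
        13) fixed=13.5 ;;
        *)  echo not-listed; return 0 ;;  # no fixed version given on this page
    esac
    if version_ge "$v" "$fixed"; then
        echo patched
    else
        echo "needs-update $fixed"
    fi
}

# On a Mac, report the status of the running system.
if command -v sw_vers >/dev/null 2>&1; then
    cve_2023_42829_status "$(sw_vers -productVersion)"
fi
```

The same function can be fed version strings from an asset inventory export to list hosts that still need the update.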
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- Range: = 11.7.9
- Range: = 13.5
- Range: = 12.6.8
- Range: unspecified
Patches
No patches discovered yet.
References: 3
News mentions: 0. No linked articles in our index yet.