CVE-2023-42896
Description
CVE-2023-42896 is a temporary file handling issue in Apple operating systems that allows an app to modify protected parts of the file system; it was addressed with improved handling of temporary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2023-42896 is a vulnerability in Apple's handling of temporary files that allows an app to modify protected parts of the file system. The issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, and macOS Sonoma 14.2 [1][2][3][4], so releases before those versions are affected. The bug was addressed with improved handling of temporary files.
Exploitation
An attacker needs an app running on an affected device. The available references state no further precondition, such as a network position or authentication, beyond the app's existing sandbox. The references do not detail the exploitation sequence, but the vulnerability is reachable by any app on the system.
Impact
Successful exploitation allows an app to modify protected parts of the file system. The exact scope of protection bypassed is not specified in the references, but the impact is a violation of file system integrity, potentially allowing the app to modify system files or other protected content.
Mitigation
The vulnerability was fixed by Apple on December 11, 2023, with the release of macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, and macOS Sonoma 14.2 [1][2][3][4]. Users should update to the latest versions of their operating systems. No workarounds or EOL status are mentioned in the references; the fix is available through the standard OS update mechanism.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 17.2
- Range: < 14.2
- Range: < 13.6.3
- Range: < 12.7.2
- Range: < 17.2
- Range: unspecified
- Range: unspecified
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.