CVE-2023-32364
Published: 27 July 2023
Summary
CVE-2023-32364 is a high-severity an unspecified weakness vulnerability in Apple Macos. Its CVSS base score is 8.6 (High).
Operationally, ranked in the top 9.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A logic issue in macOS Ventura allows a sandboxed process to circumvent sandbox restrictions. The flaw is addressed with improved restrictions in version 13.5 and carries a CVSS 3.1 score of 8.6 reflecting local attack vector, low complexity, no privileges required, and required user interaction, with high impact on confidentiality, integrity, and availability.
An attacker able to run or supply a sandboxed process on an affected macOS Ventura system can bypass intended sandbox boundaries, potentially gaining unauthorized access to resources outside the sandbox and achieving significant control over the host.
Apple security advisories state that the issue is resolved in macOS Ventura 13.5 and direct administrators to the corresponding updates published under HT213843, HT213844, and HT213845.
EPSS for the CVE rose from a low baseline to a recorded peak of 0.0865, indicating emerging exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-36608
Vulnerability details
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.