Cyber Resilience

CVE-2023-32364

Severity: High
Published: 27 July 2023
Modified: 21 November 2024
KEV Added: not listed
Patch: available (macOS Ventura 13.5)
CVSS Score (v3.1): 8.6, vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score: 0.0615 (91.0th percentile)
Risk Priority: 21 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-32364 is a high-severity vulnerability in Apple macOS for which no CWE has been assigned (the weakness is recorded as unspecified). Its CVSS 3.1 base score is 8.6 (High).

Operationally, its EPSS score places it in the top 9.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

A logic issue in macOS Ventura allows a sandboxed process to circumvent sandbox restrictions. Apple addressed it with improved restrictions in macOS Ventura 13.5. The CVSS 3.1 base score of 8.6 reflects a local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), required user interaction (UI:R) and a changed scope (S:C), with high impact on confidentiality, integrity and availability.

An attacker who can get a sandboxed process running on an affected macOS Ventura system, which is where the required user interaction comes in, can bypass the intended sandbox boundary and reach resources outside it. Because the scope is changed, the impact is not confined to the sandboxed component: a successful bypass gives the attacker significant control over the host.

Apple's security advisories state that the issue is resolved in macOS Ventura 13.5 and direct administrators to the corresponding updates published under HT213843, HT213844 and HT213845.

The CVE's EPSS score rose from a low baseline after disclosure to a recorded peak of 0.0865 and currently stands at 0.0615, indicating some exploitation interest, although no confirmed in-the-wild exploitation is reflected in the KEV catalog.

Vulnerability details

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.

CWE(s)

None assigned; the weakness is recorded as unspecified.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Apple macOS: 11.0 to 11.7.9, 12.0.0 to 12.6.8, 13.0 to 13.5. Since 13.5 is the release that ships the fix, treat the Ventura upper bound as exclusive.
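The range check in runnable form, as an added Python example that is neither the page's nor Apple's code. It encodes the three ranges listed above, reads the Ventura bound as exclusive (an assumption, justified by 13.5 being the fixed release) and the Big Sur and Monterey bounds as inclusive exactly as printed, and reports the local machine's status through platform.mac_ver().

```python
"""Classify a macOS version against the affected ranges listed on this page
for CVE-2023-32364. Added example, not from the original page.

Assumption: the 13.0-13.5 range is exclusive at the top because 13.5 is the
release that fixes the issue; the 11.x and 12.x bounds are taken as printed.
"""
import platform


def parse_version(text: str) -> tuple:
    """'13.4.1' -> (13, 4, 1); missing components are padded with zeros so
    that '13.5' compares equal to '13.5.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected macOS version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


# (lower bound, upper bound, upper bound inclusive?) per the page's
# Affected Assets ranges.
AFFECTED_RANGES = [
    ((11, 0, 0), (11, 7, 9), True),
    ((12, 0, 0), (12, 6, 8), True),
    ((13, 0, 0), (13, 5, 0), False),  # fixed in 13.5 (assumption: exclusive)
]
FIXED_VENTURA = (13, 5, 0)


def cve_2023_32364_status(version: str) -> str:
    """'affected' if inside a listed range, 'fixed' for Ventura 13.5 or
    later, otherwise 'unlisted' (the page makes no claim about it)."""
    v = parse_version(version)
    for low, high, inclusive in AFFECTED_RANGES:
        if low <= v and (v <= high if inclusive else v < high):
            return "affected"
    if v[0] == 13 and v >= FIXED_VENTURA:
        return "fixed"
    return "unlisted"


def local_status() -> str:
    """Status of the machine running this script; 'unknown' off macOS."""
    ver = platform.mac_ver()[0]
    return cve_2023_32364_status(ver) if ver else "unknown"


if __name__ == "__main__":
    print(platform.mac_ver()[0] or "(not macOS)", local_status())
```

One caveat when running this on a real Mac: Python builds compiled against a pre-11 SDK may report the OS as 10.16 from platform.mac_ver(), which this check classifies as unlisted. Cross-check with the output of sw_vers -productVersion in that case. Releases outside the three listed ranges (macOS 14 and later, or Monterey after 12.6.8) are deliberately reported as unlisted rather than safe, because the page does not speak to them.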

Mitigating Controls

No mitigating controls mapped yet; the per-CVE control annotator has not reached this CVE. Until it does, the control the advisory itself names is updating affected systems to macOS Ventura 13.5.
