Security features bypass in macOS - CVE-2023-41989
Published: October 25, 2023
Vulnerability identifier: #VU82422
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-41989
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability allows an attacker to compromise the locked device.
The vulnerability exists due to overly permissive options in Emoji. An attacker with physical access to a locked device can execute arbitrary code as root.
How to mitigate CVE-2023-41989
Install updates from vendor's website.