Improper Authorization in macOS - CVE-2023-42931
Published: March 25, 2024 / Updated: April 9, 2024
Vulnerability identifier: #VU87755
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2023-42931
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Apple Inc.
Affected software:
macOS
Detailed vulnerability description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper authorization checks in DiskArbitration. An unprivileged local process can obtain administrative privileges on the system.
How to mitigate CVE-2023-42931
Install updates from the vendor's website.