CVE-2023-32364

HIGH

macOS Ventura <13.5 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-32364. PoCs published by gergelykalman.

AI-analyzed exploit summary This PoC exploits CVE-2023-32364 to escape macOS App Sandbox by manipulating app bundle structures and symlinks to bypass quarantine checks, allowing arbitrary code execution outside the sandbox via environment variable manipulation.

Description

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.

Exploits (1)

nomisec WORKING POC 22 stars

by gergelykalman · poc

https://github.com/gergelykalman/CVE-2023-32364-macos-app-sandbox-escape

View Code ZIP pw:eip

This PoC exploits CVE-2023-32364 to escape macOS App Sandbox by manipulating app bundle structures and symlinks to bypass quarantine checks, allowing arbitrary code execution outside the sandbox via environment variable manipulation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: macOS App Sandbox (versions affected by CVE-2023-32364)

No auth needed

Prerequisites: macOS system with vulnerable App Sandbox · ability to execute scripts within a sandboxed app

MITRE ATT&CK

T1548.002 - Bypass User Account Control T1059.004 - Unix Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213843

Release Notes, Vendor Advisory

https://support.apple.com/kb/HT213844

Release Notes, Vendor Advisory

https://support.apple.com/kb/HT213845

Scores

CVSS v3 8.6

EPSS 0.0075

EPSS Percentile 50.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (1)

apple/macos 11.0 - 11.7.9

Published Jul 27, 2023

Tracked Since Feb 18, 2026