CVE-2023-38609

HIGH

macOS Ventura <13.5 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-38609. PoCs published by mc-17.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2023-38609, which chains MacDirtyCow (CVE-2022-46689) with a pkg bug to achieve local privilege escalation (LPE) and SIP bypass on macOS Ventura. The exploit overwrites the PAM configuration to gain root, then abuses a vulnerable script in an Apple-signed package to execute arbitrary commands with SIP permissions.

Description

An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.

Exploits (1)

nomisec · WORKING POC · 3 stars
by mc-17 · poc
https://github.com/mc-17/CVE-2023-38609

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: macOS Ventura (up to 13.5)
No auth needed
Prerequisites: Local access to a vulnerable macOS system · Presence of a vulnerable Apple-signed package
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.5
EPSS 0.0091
EPSS Percentile 55.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE: CWE-74
Status: published
Products (1): apple/macos 13.0 - 13.5
Published: Jul 28, 2023
Tracked Since: Feb 18, 2026