CVE-2023-42829

MEDIUM

Apple Macos < 11.7.9 - Information Disclosure

Title source: rule

Description

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.

Exploits (1)

nomisec WRITEUP 2 stars

by JamesD4 · poc

https://github.com/JamesD4/CVE-2023-42829

View Code ZIP pw:eip

References (3)

Core 3

Core References

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213843

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213844

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213845

Scores

CVSS v3 5.5

EPSS 0.0042

EPSS Percentile 61.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

apple/macos 11.0 - 11.7.9

Published Jan 10, 2024

Tracked Since Feb 18, 2026