CVE-2023-42931

HIGH

macOS < Ventura 13.6.3 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-42931. PoCs published by d0rb, tageniu.

AI-analyzed exploit summary This repository contains a functional privilege escalation exploit for CVE-2023-42931, targeting macOS Monterey, Ventura, and Sonoma. The exploit leverages the 'diskutil' command to manipulate filesystem mount options, enabling an unprivileged user to gain root access by creating and executing a setuid shell.

Description

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.

Exploits (2)

nomisec WORKING POC 7 stars

by d0rb · poc

https://github.com/d0rb/CVE-2023-42931

View Code ZIP pw:eip

This repository contains a functional privilege escalation exploit for CVE-2023-42931, targeting macOS Monterey, Ventura, and Sonoma. The exploit leverages the 'diskutil' command to manipulate filesystem mount options, enabling an unprivileged user to gain root access by creating and executing a setuid shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: macOS (Monterey, Ventura, Sonoma)

No auth needed

Prerequisites: Access to a vulnerable macOS system · Ability to execute commands as an unprivileged user

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 5 stars

by tageniu · poc

https://github.com/tageniu/CVE-2023-42931

View Code ZIP pw:eip

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2023-42931, targeting macOS versions 12.0-12.7.1, 13.0-13.6.2, and 14.0-14.1.2. The exploit leverages filesystem manipulation to achieve root privileges by creating a setuid shell binary and exploiting improper permission handling.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: macOS 12.0-12.7.1, 13.0-13.6.2, 14.0-14.1.2

No auth needed

Prerequisites: Access to a vulnerable macOS system · Ability to execute scripts

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214036

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214037

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214038

Vendor Advisory

https://support.apple.com/kb/HT214036

Vendor Advisory

https://support.apple.com/kb/HT214037

Vendor Advisory

https://support.apple.com/kb/HT214038

Scores

CVSS v3 7.8

EPSS 0.0117

EPSS Percentile 63.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-280

Status published

Products (1)

apple/macos 12.0 - 12.7.2

Published Mar 28, 2024

Tracked Since Feb 18, 2026