CVE-2023-28200: 
macOS vulnerability analysis and mitigation

A validation issue was discovered in Apple's operating systems that could allow an app to disclose kernel memory. This vulnerability, tracked as CVE-2023-28200, was reported by security researcher Arsenii Kostromin (0x3c3e) and fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, and macOS Big Sur 11.7.5, released on March 27, 2023 (Apple Support, CVE).

The vulnerability stems from a validation issue in the kernel component that could lead to the disclosure of kernel memory. The issue was addressed by Apple through improved input sanitization. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access is required, low attack complexity, no privileges needed, user interaction required, and potential for high confidentiality impact (NVD).

If exploited, this vulnerability could allow a malicious application to disclose kernel memory, potentially exposing sensitive system information. The vulnerability affects multiple Apple operating systems including macOS Ventura, Monterey, Big Sur, iOS, and iPadOS (Apple Support).

Apple has addressed this vulnerability by implementing improved input sanitization in the affected operating systems. Users are advised to update to macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, or macOS Big Sur 11.7.5, depending on their system (Apple Support).