CVE-2023-32352: 
macOS vulnerability analysis and mitigation

A logic issue in Apple's LaunchServices component that could allow an app to bypass Gatekeeper checks was discovered and patched in May 2023. The vulnerability (CVE-2023-32352) affects multiple Apple operating systems including watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5 (Apple Support, NVD). The issue was discovered by Wojciech Reguła of SecuRing.

The vulnerability stems from a logic issue in the LaunchServices component that was addressed with improved checks. The issue has a CVSS v3.1 base score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. This indicates local access is required, low attack complexity, no privileges needed, user interaction required, scope unchanged, no impact to confidentiality, high impact to integrity, and no impact to availability (NVD).

If exploited, this vulnerability could allow a malicious app to bypass Apple's Gatekeeper security checks. Gatekeeper is a security feature that helps protect macOS users by ensuring only trusted software runs on their systems, so bypassing it could potentially allow unauthorized or malicious code execution (Apple Support).

Apple has addressed this vulnerability by implementing improved checks in the affected operating systems. Users should update to watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 or iPadOS 16.5 or later versions to receive the fix (Apple Support).