CVE-2023-32364: 
macOS vulnerability analysis and mitigation

CVE-2023-32364 is a security vulnerability in macOS that affects versions from macOS Big Sur 11.0 through macOS Ventura 13.5. The vulnerability was discovered by Gergely Kalman and disclosed to Apple in 2023. It allows a sandboxed process to circumvent sandbox restrictions through a logic issue in the AppSandbox component (Apple Support).

The vulnerability is classified as a logic issue in the AppSandbox component with a CVSS v3.1 base score of 8.6 (HIGH). The vulnerability vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD). The issue stems from three main problems: unprivileged user mounting capabilities, reliance on optional filesystem features for security, and mixing of unrelated identities in the context of apps (Security Online).

The vulnerability allows a sandboxed process to break out of its containment and execute code within the Terminal, effectively bypassing the macOS sandbox security mechanism. This could potentially lead to unauthorized access to system resources and compromise of system security (Security Online).

Apple addressed this vulnerability in macOS Ventura 13.5, macOS Monterey 12.6.8, and macOS Big Sur 11.7.9 released in July 2023. The fix includes preventing sandboxed apps from creating directories on devfs and requiring the .app extension. Users are strongly advised to update to these or later versions to protect against this vulnerability (Apple Support).

Security researchers have noted that Apple's primary corrective measure might be more of a temporary solution, as the sandbox could still be penetrable if an attacker can create a directory without the quarantine flag (Security Online).