Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-42874
CVE-2023-42874:
macOS vulnerability analysis and mitigation
Overview
CVE-2023-42874 is a security vulnerability affecting macOS Sonoma versions prior to 14.2, discovered by Don Clarke and disclosed on December 11, 2023. The vulnerability allows secure text fields to be displayed via the Accessibility Keyboard when using a physical keyboard (Apple Advisory, Full Disclosure).
Technical details
The vulnerability stems from a state management issue in the Accessibility feature of macOS Sonoma. Apple addressed this security flaw by implementing improved state management mechanisms. The vulnerability has been assigned a CVSS v3.1 base score of 2.4 LOW (Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) (NVD).
Impact
The vulnerability could potentially expose sensitive information by displaying secure text fields through the Accessibility Keyboard when a physical keyboard is in use (Apple Advisory).
Mitigation and workarounds
Apple has addressed this vulnerability in macOS Sonoma 14.2, released on December 11, 2023. Users are advised to update their systems to this version or later to mitigate the security risk (Apple Advisory).
Additional resources
Source: This report was generated using AI
Related macOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management