CVE-2023-42891: 
macOS vulnerability analysis and mitigation

CVE-2023-42891 is an authentication vulnerability in Apple's macOS operating system that was disclosed and patched on December 11, 2023. The vulnerability affects multiple versions of macOS including Sonoma, Ventura, and Monterey. This authentication issue in the IOKit component could allow an application to monitor keystrokes without user permission (Apple Support, NVD).

The vulnerability stems from an authentication issue in the IOKit component that was addressed with improved state management. The issue has a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access is required, low attack complexity, no privileges required, and user interaction is needed (NVD).

If exploited, this vulnerability allows a malicious application to monitor keystrokes without obtaining proper user permission, potentially leading to unauthorized access to sensitive user input data (Apple Support).

Apple has released security updates to address this vulnerability in macOS Sonoma 14.2, macOS Ventura 13.6.3, and macOS Monterey 12.7.2. Users are advised to update their systems to these versions or later to mitigate the risk (Apple Support, Apple Support, Apple Support).