
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-42899 is an image processing vulnerability that affects multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and watchOS. The vulnerability was discovered by Meysam Firouzi @R00tkitSMM and Junsung Lee, and was officially patched in December 2023 with the release of macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2 (Apple Security).
The vulnerability exists in the ImageIO component and could lead to arbitrary code execution when processing an image. The issue was addressed with improved memory handling. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).
If exploited, this vulnerability could allow an attacker to execute arbitrary code on the affected system through malicious image processing. The high CVSS score indicates a potentially severe impact on system confidentiality, integrity, and availability (NVD).
Apple has addressed this vulnerability by improving memory handling in the affected systems. Users are advised to update to the following versions: macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, or macOS Monterey 12.7.2 (Apple Security).
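The fixed releases listed above can be turned into a per-branch patch check for a device inventory. This is an added example, not code from Apple, NVD or this database; the host names and the inventory are constructed, the status labels are hypothetical, and it assumes that major releases newer than those listed already contain the fix.

```python
# Fixed releases copied from the advisory text above, keyed by platform and major version.
FIXED = {
    "macOS": {14: (14, 2), 13: (13, 6, 3), 12: (12, 7, 2)},
    "iOS": {17: (17, 2), 16: (16, 7, 3)},
    "iPadOS": {17: (17, 2), 16: (16, 7, 3)},
    "tvOS": {17: (17, 2)},
    "watchOS": {10: (10, 2)},
}

def parse_version(text):
    """Turn '13.6.3' or '14.2 (23C64)' into a tuple; trailing zeros are dropped so 14.2.0 == 14.2."""
    parts = [int(p) for p in text.strip().split()[0].split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def patch_status(platform, version):
    """Classify one OS version against the fixed release of its own major branch."""
    branches = FIXED.get(platform)
    if branches is None:
        return "unknown-platform"
    v = parse_version(version)
    if v[0] in branches:
        return "patched" if v >= branches[v[0]] else "vulnerable"
    if v[0] > max(branches):
        # Assumption: major releases newer than the listed ones shipped with the fix.
        return "patched"
    return "no-fix-listed"  # older branch: the advisory names no fixed release for it

# Constructed sample inventory: (host, platform, reported OS version).
INVENTORY = [
    ("mac-build-01", "macOS", "13.6.1"),
    ("mac-dev-07", "macOS", "14.2.1"),
    ("ipad-kiosk-3", "iPadOS", "16.7.3"),
    ("iphone-qa-2", "iOS", "17.1.2"),
    ("mac-legacy-1", "macOS", "11.7.10"),
]

def triage(inventory):
    return {host: patch_status(platform, version) for host, platform, version in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing within the major branch matters here: iOS 16.7.3 is patched even though it is numerically lower than 17.2, while iOS 17.1.2 is not.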
Source: This report was generated using AI