CVE-2023-42900: 
macOS vulnerability analysis and mitigation

CVE-2023-42900 is a security vulnerability affecting macOS Sonoma versions prior to 14.2, discovered by Mickey Jin (@patch1t). The vulnerability was disclosed and patched on December 11, 2023, affecting the CoreMedia Playback component of macOS Sonoma. The vulnerability has a CVSS v3.1 base score of 5.5 (MEDIUM) (NVD).

The vulnerability exists in the CoreMedia Playback component of macOS Sonoma where an app may be able to access user-sensitive data. The issue was addressed with improved checks in macOS Sonoma 14.2. The vulnerability has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, no privileges required, user interaction required, and potential for high confidentiality impact (NVD).

The vulnerability allows a malicious application to access user-sensitive data through the CoreMedia Playback component, potentially compromising user privacy and data confidentiality (Apple Support).

Apple has addressed this vulnerability in macOS Sonoma 14.2. Users are advised to update their systems to this version or later to mitigate the risk. The fix implements improved checks in the CoreMedia Playback component (Apple Support).