CVE-2023-42903: 
macOS vulnerability analysis and mitigation

CVE-2023-42903 is a memory corruption vulnerability discovered in macOS Sonoma that was fixed in version 14.2, released on December 11, 2023. The vulnerability affects the AppleGraphicsControl component and was discovered by Ivan Fratric of Google Project Zero (Apple Advisory).

The vulnerability stems from multiple memory corruption issues in the AppleGraphicsControl component of macOS Sonoma. The issue was addressed with improved input validation. The vulnerability has a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability could lead to unexpected application termination or arbitrary code execution when processing a maliciously crafted file. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability (Apple Advisory, CIS Advisory).

Apple has addressed this vulnerability in macOS Sonoma 14.2. Users are advised to update to this version or later to protect against exploitation. The fix implements improved input validation to address the memory corruption issues (Apple Advisory).