CVE-2023-42905: 
macOS vulnerability analysis and mitigation

CVE-2023-42905 is a memory corruption vulnerability discovered in macOS Sonoma that was fixed in version 14.2, released on December 11, 2023. The vulnerability affects the AppleGraphicsControl component of macOS Sonoma versions from 14.0 up to (excluding) 14.2. When processing a maliciously crafted file, this vulnerability could lead to unexpected application termination or arbitrary code execution (Apple Support, NVD).

The vulnerability is classified as a memory corruption issue that was addressed with improved input validation. It has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is associated with CWE-787 (Out-of-bounds Write) and was discovered by Ivan Fratric of Google Project Zero (NVD).

The vulnerability can be exploited by processing a maliciously crafted file, which may result in two potential outcomes: unexpected application termination or arbitrary code execution. This poses significant risks to system security and stability (Apple Support).

Apple has addressed this vulnerability in macOS Sonoma 14.2. Users are advised to update their systems to this version or later to mitigate the risk. The fix implements improved input validation to address the memory corruption issues (Apple Support).