CVE-2023-42906: 
macOS vulnerability analysis and mitigation

Multiple memory corruption issues were discovered in macOS Sonoma affecting AppleGraphicsControl component, identified as CVE-2023-42906. The vulnerability was discovered by Ivan Fratric of Google Project Zero and fixed in macOS Sonoma 14.2, released on December 11, 2023. The vulnerability affects macOS Sonoma versions prior to 14.2 (Apple Security).

The vulnerability is related to memory corruption issues in the AppleGraphicsControl component. The issue was addressed with improved input validation. The vulnerability has a CVSS v3.1 Base Score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD).

Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. Successful exploitation could allow an attacker to execute arbitrary code in the context of the logged-on user. Depending on the user's privileges, an attacker could install programs, view or modify data, or create new accounts with full user rights (CIS Advisory).

Apple has addressed this vulnerability in macOS Sonoma 14.2. Users are advised to update to this version immediately. The fix implements improved input validation to address the memory corruption issues. The update can be obtained from the Mac App Store or Apple's Software Downloads website (Apple Security).