CVE-2023-42908: 
macOS vulnerability analysis and mitigation

CVE-2023-42908 is a memory corruption vulnerability discovered in macOS Sonoma that was fixed in version 14.2, released on December 11, 2023. The vulnerability affects the AppleGraphicsControl component and was discovered by Ivan Fratric of Google Project Zero (Apple Support, NVD).

The vulnerability is classified as a memory corruption issue that was addressed with improved input validation. It has a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is associated with CWE-787 (Out-of-bounds Write) (NVD).

Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. The vulnerability could allow an attacker to execute arbitrary code in the context of the logged-on user, potentially leading to installing programs, viewing or changing data, or creating new accounts with full user rights (CIS Advisory).

Apple has addressed this vulnerability in macOS Sonoma 14.2. Users are advised to update to this version or later to mitigate the risk. The fix implements improved input validation to address the memory corruption issues (Apple Support).