CVE-2023-42909: 
macOS vulnerability analysis and mitigation

CVE-2023-42909 is a memory corruption vulnerability discovered in macOS Sonoma that was fixed in version 14.2, released on December 11, 2023. The vulnerability affects the AppleGraphicsControl component and was discovered by Ivan Fratric of Google Project Zero (Apple Support).

The vulnerability is a memory corruption issue that was addressed with improved input validation in macOS Sonoma. The vulnerability has a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD).

Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. The vulnerability could allow an attacker to execute arbitrary code in the context of the logged-on user, potentially enabling them to install programs, view or modify data, or create new accounts with full user rights (CIS Advisory).

Apple has addressed this vulnerability in macOS Sonoma 14.2. Users should update their systems to this version or later to mitigate the risk. The fix implements improved input validation to address the memory corruption issues (Apple Support).