CVE-2023-42926: 
macOS vulnerability analysis and mitigation

CVE-2023-42926 is a memory corruption vulnerability discovered in macOS Sonoma affecting the AppleGraphicsControl component. The vulnerability was disclosed and fixed in macOS Sonoma 14.2, released on December 11, 2023. The issue affects versions of macOS Sonoma prior to 14.2. The vulnerability was discovered by Ivan Fratric of Google Project Zero (Apple Support).

The vulnerability is a memory corruption issue that was addressed with improved input validation in the AppleGraphicsControl component. It has a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD).

Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. Successful exploitation could allow an attacker to execute arbitrary code in the context of the logged-on user. Depending on the user's privileges, an attacker could install programs, view or modify data, or create new accounts with full user rights (CIS Advisory).

Apple has addressed this vulnerability in macOS Sonoma 14.2. Users are advised to update to this version or later to mitigate the risk. The fix implements improved input validation to address the memory corruption issues (Apple Support).