CVE-2023-42935: 
macOS vulnerability analysis and mitigation

CVE-2023-42935 is an authentication vulnerability discovered in Apple's macOS operating system that affects the LoginWindow component. The vulnerability was disclosed and patched in January 2024 with the release of macOS Ventura 13.6.4 and macOS Sonoma 14.1. The issue affects macOS versions from 13.0 up to (excluding) 13.6.4 and versions from 14.0 up to (excluding) 14.1 (Apple Support, NVD).

The vulnerability is characterized as an authentication issue in the LoginWindow component of macOS, specifically related to state management during fast user switching. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access is required and the primary impact is on confidentiality (NVD).

When exploited, this vulnerability allows a local attacker to view the previous logged-in user's desktop from the fast user switching screen, potentially exposing sensitive information from the previous user's session (Apple Support).

Apple has addressed this vulnerability by improving state management in the LoginWindow component. Users are advised to update to macOS Ventura 13.6.4 or macOS Sonoma 14.1 or later versions to protect against this vulnerability (Apple Support).

The vulnerability was discovered and reported by ASentientBot, and Apple has credited them for the discovery in their security advisory (Apple Support).