CVE-2023-42836: Race Condition
First published: Wed Oct 25 2023(Updated: )
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory.
Credit: Yiğit Can YILMAZ @yilmazcanyigit product-security@apple.com Pan ZhenPeng @Peterpan0927 STAR Labs SG PteEloi Benoist-Vanderbeken @elvanderb SynacktivCVE-2023-42893 CVE-2023-3618 CVE-2020-19185 CVE-2020-19186 CVE-2020-19187 CVE-2020-19188 CVE-2020-19189 CVE-2020-19190 Yiğit Can YILMAZ @yilmazcanyigit Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityCsaba Fitzl @theevilbit OffSecArsenii Kostromin (0x3c3e) Zhongquan Li @Guluisacat Zhongquan Li @Guluisacat Dawn Security Lab of JingDongCVE-2023-5344 Koh M. Nakagawa @tsunek0h Yann GASCUEL Alter SolutionsJewel Lambert Anthony Cruz Tyrant Corp @App Wojciech Regula SecuRingMeysam Firouzi @R00tkitSMM Junsung Lee an anonymous researcher Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabMickey Jin @patch1t Kirin @Pwnrin Noah Roskin-Frazee Pr Linus Henze Pinauten GmbHinooo Grzegorz Riegel Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncBistrit Dahal Mingxuan Yang @PPPF00L 360 Vulnerability Research Institutehappybabywu 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research Institute 360 Vulnerability Research InstituteAdis Alic Sam Lakmaker Kirin @Pwnrin SecuRing Computer ScienceCristian Dinca Computer ScienceRomania CVE-2023-42946 Ting Ding James Mancz Omar Shibli Lorenzo Cavallaro Harry Lewandowski 이준성(Junsung Lee) Cross Republic이준성(Junsung Lee) Pedro Ribeiro @pedrib1337 Agile Information SecurityVitor Pedreira @0xvhp_ Agile Information SecurityKacper Kwapisz @KKKas_ Abhay Kailasia @abhay_kailasia Lakshmi Narain College Of Technology Bhopal IndiaJZ Michael (Biscuit) Thomas - @social.lol @biscuit Peter Nguyễn Vũ Hoàng @peternguyen14 STAR Labs SG PteAdam M. Tomi Tokics @tomitokics iTomsn0wCVE-2023-42823
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <14.1 | 14.1 |
| macOS | <12.7.2 | 12.7.2 |
| macOS Ventura | <13.6.3 | 13.6.3 |
| iPadOS | <17.1 | |
| iPhone OS | <17.1 | |
| macOS | >=12.0<12.7.2 | |
| macOS | >=13.0<13.6.3 | |
| macOS | =14.0 | |
| Apple iOS and iPadOS | <17.1 | 17.1 |
| Apple iOS, iPadOS, and macOS | <17.1 | 17.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213984 (Advisory)
- https://support.apple.com/en-us/HT214037 (Advisory)
- https://support.apple.com/en-us/HT214038 (Advisory)
- https://support.apple.com/en-us/120874 (Advisory)
- https://support.apple.com/en-us/120875 (Advisory)
- https://support.apple.com/en-us/109052 (Advisory)
- https://support.apple.com/en-us/HT213982 (Advisory)
- https://support.apple.com/kb/HT213982
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-30774
- CVE-2023-40444
- CVE-2023-42952
- CVE-2023-42945
- CVE-2023-41072
- CVE-2023-42857
- CVE-2023-40449
- CVE-2023-42823
- CVE-2023-41989
- CVE-2023-42854
- CVE-2023-40413
- CVE-2023-42834
- CVE-2023-42844
- CVE-2023-42953
- CVE-2023-40416
- CVE-2023-42848
- CVE-2023-40423
- CVE-2023-38403
- CVE-2023-42849
- CVE-2023-42850
- CVE-2023-40446
- CVE-2023-42942
- CVE-2023-42861
- CVE-2023-42935
- CVE-2023-40408
- CVE-2023-40405
- CVE-2023-28826
- CVE-2023-42856
- CVE-2023-40404
- CVE-2023-42859
- CVE-2023-42877
- CVE-2023-42840
- CVE-2023-42853
- CVE-2023-42860
- CVE-2023-42889
- CVE-2023-42847
- CVE-2023-42845
- CVE-2023-42841
- CVE-2023-42873
- CVE-2023-42838
- CVE-2023-42835
- CVE-2023-41977
- CVE-2023-42438
- CVE-2023-42836
- CVE-2023-42839
- CVE-2023-42878
- CVE-2023-41982
- CVE-2023-41997
- CVE-2023-41988
- CVE-2023-42946
- CVE-2023-36191
- CVE-2023-40421
- CVE-2023-42842
- CVE-2023-4733
- CVE-2023-4734
- CVE-2023-4735
- CVE-2023-4736
- CVE-2023-4738
- CVE-2023-4750
- CVE-2023-4751
- CVE-2023-4752
- CVE-2023-4781
- CVE-2023-41254
- CVE-2023-40447
- CVE-2023-41976
- CVE-2023-42852
- CVE-2023-42843
- CVE-2023-41983
- CVE-2023-41975
- CVE-2023-42858
- CVE-2023-42919
- CVE-2023-42894
- CVE-2023-42896
- CVE-2023-42886
- CVE-2023-42931
- CVE-2023-42892
- CVE-2023-42922
- CVE-2023-42899
- CVE-2023-42891
- CVE-2023-42974
- CVE-2023-42914
- CVE-2023-42893
- CVE-2023-3618
- CVE-2020-19185
- CVE-2020-19186
- CVE-2020-19187
- CVE-2020-19188
- CVE-2020-19189
- CVE-2020-19190
- CVE-2023-42936
- CVE-2023-42930
- CVE-2023-42932
- CVE-2023-42947
- CVE-2023-5344
- CVE-2023-42924
- CVE-2023-42884
- CVE-2023-42928
- CVE-2023-42846
- CVE-2023-42951
- CVE-2023-42855
- CVE-2023-40445
- CVE-2023-42939
Frequently Asked Questions
What is the severity of CVE-2023-42836?
CVE-2023-42836 is considered to have a medium severity due to the potential for unauthorized access to connected network volumes.
How do I fix CVE-2023-42836?
To fix CVE-2023-42836, upgrade your device to iOS 17.1, iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, or macOS Monterey 12.7.2.
What systems are affected by CVE-2023-42836?
CVE-2023-42836 affects iOS versions prior to 17.1, iPadOS versions prior to 17.1, and various macOS versions prior to their respective fix releases.
Is there a workaround for CVE-2023-42836?
There is no specific workaround available for CVE-2023-42836; the recommended solution is to update the software.
Who fixed CVE-2023-42836?
CVE-2023-42836 was addressed by Apple in their recent update releases.
- agent/first-publish-date
- agent/type
- agent/severity
- agent/trending
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/source
- alias/CVE-2023-42914
- alias/CVE-2023-42893
- alias/CVE-2023-3618
- alias/CVE-2020-19185
- alias/CVE-2020-19186
- alias/CVE-2020-19187
- alias/CVE-2020-19188
- alias/CVE-2020-19189
- alias/CVE-2020-19190
- alias/CVE-2023-42838
- alias/CVE-2023-42836
- alias/CVE-2023-42936
- alias/CVE-2023-42930
- alias/CVE-2023-42932
- alias/CVE-2023-42947
- alias/CVE-2023-5344
- alias/CVE-2023-42931
- alias/CVE-2023-41989
- alias/CVE-2023-42892
- alias/CVE-2023-42922
- alias/CVE-2023-42834
- alias/CVE-2023-42899
- alias/CVE-2023-42891
- alias/CVE-2023-42974
- alias/CVE-2023-42884
- alias/CVE-2023-42886
- alias/CVE-2023-42894
- alias/CVE-2023-42924
- alias/CVE-2023-42896
- alias/CVE-2023-42952
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- alias/CVE-2023-42845
- alias/CVE-2023-42841
- alias/CVE-2023-42873
- alias/CVE-2023-42951
- alias/CVE-2023-42839
- alias/CVE-2023-42855
- alias/CVE-2023-42878
- alias/CVE-2023-41982
- alias/CVE-2023-41997
- alias/CVE-2023-41988
- alias/CVE-2023-42946
- alias/CVE-2023-40445
- alias/CVE-2023-41254
- alias/CVE-2023-40447
- alias/CVE-2023-41976
- alias/CVE-2023-42852
- alias/CVE-2023-42843
- alias/CVE-2023-42939
- alias/CVE-2023-41983
- alias/CVE-2023-41072
- alias/CVE-2023-42857
- alias/CVE-2023-40449
- alias/CVE-2023-42823
- alias/CVE-2023-42928
- alias/CVE-2023-40413
- alias/CVE-2023-42953
- alias/CVE-2023-40416
- alias/CVE-2023-42848
- alias/CVE-2023-40423
- alias/CVE-2023-42849
- alias/CVE-2023-40446
- alias/CVE-2023-42942
- alias/CVE-2023-40408
- alias/CVE-2023-42846
- alias/CVE-2023-42847
- vendor/apple
- canonical/apple macos
- canonical/macos
- canonical/macos ventura
- canonical/ipados
- canonical/iphone os
- version/macos/12.0
- version/macos/13.0
- version/macos/14.0
- canonical/apple ios and ipados
- canonical/apple ios, ipados, and macos