About the security content of macOS Sonoma 14.1

This document describes the security content of macOS Sonoma 14.1.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

macOS Sonoma 14.1

App Support

Available for: macOS Sonoma

Impact: Parsing a file may lead to an unexpected app termination or arbitrary code execution

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-30774

AppSandbox

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-40444: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Automation

Available for: macOS Sonoma

Impact: An app with root privileges may be able to access private information

Description: The issue was addressed with improved checks.

CVE-2023-42952: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Bluetooth

Available for: macOS Sonoma

Impact: An app may gain unauthorized access to Bluetooth

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-42945

Contacts

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-41072: Wojciech Regula of SecuRing (wojciechregula.blog) and Csaba Fitzl (@theevilbit) of Offensive Security

CVE-2023-42857: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

CoreAnimation

Available for: macOS Sonoma

Impact: An app may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

Core Recents

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: The issue was resolved by sanitizing logging

CVE-2023-42823

Emoji

Available for: macOS Sonoma

Impact: An attacker may be able to execute arbitrary code as root from the Lock Screen

Description: The issue was addressed by restricting options offered on a locked device.

CVE-2023-41989: Jewel Lambert

FileProvider

Available for: macOS Sonoma

Impact: An app may be able to cause a denial-of-service to Endpoint Security clients

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Find My

Available for: macOS Sonoma

Impact: An app may be able to read sensitive location information

Description: The issue was addressed with improved handling of caches.

CVE-2023-40413: Adam M.

Find My

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved handling of files.

CVE-2023-42834: Csaba Fitzl (@theevilbit) of Offensive Security

Foundation

Available for: macOS Sonoma

Impact: A website may be able to access sensitive user data when resolving symlinks

Description: This issue was addressed with improved handling of symlinks.

CVE-2023-42844: Ron Masas of BreakPoint.SH

Game Center

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-42953: Michael (Biscuit) Thomas - @biscuit@social.lol

ImageIO

Available for: macOS Sonoma

Impact: Processing an image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-40416: JZ

ImageIO

Available for: macOS Sonoma

Impact: Processing a maliciously crafted image may lead to heap corruption

Description: The issue was addressed with improved bounds checks.

CVE-2023-42848: JZ

IOTextEncryptionFamily

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-40423: an anonymous researcher

iperf3

Available for: macOS Sonoma

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved checks.

CVE-2023-38403

Kernel

Available for: macOS Sonoma

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: The issue was addressed with improved memory handling.

CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: The issue was addressed with improved permissions logic.

CVE-2023-42850: Thijs Alkemade (@xnyhps) from Computest Sector 7, Zhongquan Li (@Guluisacat), and Bohdan Stasiuk (@Bohdan_Stasiuk)

libc

Available for: macOS Sonoma

Impact: Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps

Description: The issue was addressed with improved memory handling.

CVE-2023-40446: inooo

libxpc

Available for: macOS Sonoma

Impact: A malicious app may be able to gain root privileges

Description: This issue was addressed with improved handling of symlinks.

CVE-2023-42942: Mickey Jin (@patch1t)

Login Window

Available for: macOS Sonoma

Impact: An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac

Description: A logic issue was addressed with improved state management.

CVE-2023-42861: Jon Crain, 凯 王, Brandon Chesser & CPU IT, inc, Matthew McLean, Steven Maser, and the Avalon IT Team of Concentrix

LoginWindow

Available for: macOS Sonoma

Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen

Description: An authentication issue was addressed with improved state management.

CVE-2023-42935: ASentientBot

Mail Drafts

Available for: macOS Sonoma

Impact: Hide My Email may be deactivated unexpectedly

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2023-40408: Grzegorz Riegel

Maps

Available for: macOS Sonoma

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-40405: Csaba Fitzl (@theevilbit) of Offensive Security

MediaRemote

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-28826: Meng Zhang (鲸落) of NorthSea

Model I/O

Available for: macOS Sonoma

Impact: Processing a file may lead to unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Networking

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-40404: Certik Skyfall Team

PackageKit

Available for: macOS Sonoma

Impact: An app may be able to modify protected parts of the file system

Description: The issue was addressed with improved checks.

CVE-2023-42859: Arsenii Kostromin (0x3c3e), Mickey Jin (@patch1t), and Hevel Engineering

CVE-2023-42877: Arsenii Kostromin (0x3c3e)

PackageKit

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved checks.

CVE-2023-42840: Mickey Jin (@patch1t), and Csaba Fitzl (@theevilbit) of Offensive Security

PackageKit

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: A logic issue was addressed with improved checks.

CVE-2023-42853: Mickey Jin (@patch1t)

PackageKit

Available for: macOS Sonoma

Impact: An app may be able to modify protected parts of the file system

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-42860: Koh M. Nakagawa (@tsunek0h) of FFRI Security, Inc.

PackageKit

Available for: macOS Sonoma

Impact: An app may be able to bypass certain Privacy preferences

Description: The issue was addressed with improved checks.

CVE-2023-42889: Mickey Jin (@patch1t)

Passkeys

Available for: macOS Sonoma

Impact: An attacker may be able to access passkeys without authentication

Description: A logic issue was addressed with improved checks.

CVE-2023-42847: an anonymous researcher

Photos

Available for: macOS Sonoma

Impact: Photos in the Hidden Photos Album may be viewed without authentication

Description: An authentication issue was addressed with improved state management.

CVE-2023-42845: Bistrit Dahal

Pro Res

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of 360 Vulnerability Research Institute

Pro Res

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2023-42873: Mingxuan Yang (@PPPF00L), and happybabywu and Guang Gong of 360 Vulnerability Research Institute

quarantine

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: An access issue was addressed with improvements to the sandbox.

CVE-2023-42838: Yiğit Can YILMAZ (@yilmazcanyigit), Csaba Fitzl (@theevilbit) of Offensive Security

RemoteViewServices

Available for: macOS Sonoma

Impact: An attacker may be able to access user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42835: Mickey Jin (@patch1t)

Safari

Available for: macOS Sonoma

Impact: Visiting a malicious website may reveal browsing history

Description: The issue was addressed with improved handling of caches.

CVE-2023-41977: Alex Renda

Safari

Available for: macOS Sonoma

Impact: Visiting a malicious website may lead to user interface spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2023-42438: Rafay Baloch & Muhammad Samaak, and an anonymous researcher

Sandbox

Available for: macOS Sonoma

Impact: An attacker may be able to access connected network volumes mounted in the home directory

Description: A logic issue was addressed with improved checks.

CVE-2023-42836: Yiğit Can YILMAZ (@yilmazcanyigit)

Sandbox

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: This issue was addressed with improved state management.

CVE-2023-42839: Yiğit Can YILMAZ (@yilmazcanyigit)

Share Sheet

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42878: Kirin (@Pwnrin), Wojciech Regula of SecuRing (wojciechregula.blog), and Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania

Siri

Available for: macOS Sonoma

Impact: An attacker with physical access may be able to use Siri to access sensitive user data

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2023-41982: Bistrit Dahal

CVE-2023-41997: Bistrit Dahal

CVE-2023-41988: Bistrit Dahal

Siri

Available for: macOS Sonoma

Impact: An app may be able to leak sensitive user information

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42946

SQLite

Available for: macOS Sonoma

Impact: A remote user may be able to cause a denial-of-service

Description: This issue was addressed with improved checks.

CVE-2023-36191

talagent

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Terminal

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: The issue was addressed with improved checks.

CVE-2023-42842: an anonymous researcher

Vim

Available for: macOS Sonoma

Impact: Processing malicious input may lead to code execution

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-4733

CVE-2023-4734

CVE-2023-4735

CVE-2023-4736

CVE-2023-4738

CVE-2023-4750

CVE-2023-4751

CVE-2023-4752

CVE-2023-4781

Weather

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-41254: Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania

WebKit

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic

WebKit

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-41976: 이준성(Junsung Lee)

WebKit

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved checks.

CVE-2023-42852: Pedro Ribeiro (@pedrib1337) and Vitor Pedreira (@0xvhp_) of Agile Information Security

WebKit

Available for: macOS Sonoma

Impact: Visiting a malicious website may lead to address bar spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2023-42843: Kacper Kwapisz (@KKKas_)

WebKit Process Model

Available for: macOS Sonoma

Impact: Processing web content may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2023-41983: 이준성(Junsung Lee)

WindowServer

Available for: macOS Sonoma

Impact: A website may be able to access the microphone without the microphone use indicator being shown

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-41975: an anonymous researcher

WindowServer

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved checks.

CVE-2023-42858: an anonymous researcher

Additional recognition

libarchive

We would like to acknowledge Bahaa Naamneh for their assistance.

libxml2

We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project Zero for their assistance.

Login Window

We would like to acknowledge an anonymous researcher for their assistance.

man

We would like to acknowledge Kirin (@Pwnrin) and Roman Mishchenko for their assistance.

Power Manager

We would like to acknowledge Xia0o0o0o (@Nyaaaaa_ovo) of University of California, San Diego for their assistance.

Preview

We would like to acknowledge Akshay Nagpal for their assistance.

Reminders

We would like to acknowledge Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) for their assistance.

Setup Assistant

We would like to acknowledge Digvijay Sai Gujjarlapudi, Kyle Andrews, and an anonymous researcher for their assistance.

System Extensions

We would like to acknowledge Jaron Bradley, Ferdous Saljooki, and Austin Prueher of Jamf Software for their assistance.

WebKit

We would like to acknowledge an anonymous researcher for their assistance.