Critical macOS Vulnerability CVE-2023-32428 Discovered
A high-severity macOS vulnerability allows local privilege escalation. Security researcher Gergely Kalman identified a flaw in Apple's MallocStackLogging framework, tracked as CVE-2023-32428 with a CVSS score of 7.8. The vulnerability enables an attacker who already has local access to escalate privileges on macOS systems, because the framework can be loaded into processes without requiring any special permissions. Apple had added mitigations, such as secure flags and randomized log filenames, but significant weaknesses remained that allowed an attacker to redirect where log files are written and thereby manipulate privileged binaries. The flaw affects macOS Ventura 13.3 and earlier and has been patched in macOS Ventura 13.4 and the corresponding releases for Apple's other platforms. Users are urged to update their devices to prevent exploitation. Kalman expressed disappointment over the $22,500 reward for his discovery, given the severity of the vulnerability.