Decrypt LOL


Critical macOS Vulnerability CVE-2023-32428 Discovered


High-severity macOS vulnerability allows local privilege escalation.

Security researcher Gergely Kalman has identified a critical flaw in Apple’s MallocStackLogging framework, designated CVE-2023-32428, which has a CVSS score of 7.8. The vulnerability enables local privilege escalation on macOS because the framework can be loaded into processes without requiring any special permissions. Although Apple had added mitigations such as secure flags and randomized log filenames, significant weaknesses remained, allowing an attacker to redirect where log files are written and thereby manipulate privileged binaries. The flaw affects macOS Ventura 13.3 and earlier; it has been patched in macOS Ventura 13.4 and on other Apple platforms. Users are urged to update their devices to prevent exploitation. Kalman expressed disappointment with the $22,500 reward for his discovery, given the severity of the vulnerability.