Threat Advisory

Critical Privilege Escalation Vulnerability in macOS MallocStackLogging Framework

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A critical macOS vulnerability in Apple’s MallocStackLogging framework, tracked as CVE-2023-32428, was discovered after remaining undetected for nearly two decades. The flaw enabled privilege escalation by exploiting file handling weaknesses and bypassing mitigations, allowing attackers to write files to arbitrary locations with elevated privileges. Through creative exploitation, the vulnerability allowed unauthorized root access without requiring a password. Apple patched the issue, improving file operation security and addressing related bugs. However, the researcher criticized Apple’s bug bounty process for delays, low rewards, and poor communication, despite recognizing the vulnerability’s impact on improving macOS security.

 

  • CVE-2023-32428 (CVSS score 8.8): The vulnerability involved race conditions around the access() function, allowing unauthorized file writes and privilege escalation. A weak mitigation based on the O_NOFOLLOW flag still permitted symlink traversal, facilitating arbitrary file manipulation. Bugs in filename truncation undermined randomness, making exploitation predictable and effective.

 

The vulnerability underscores the importance of secure file handling and thorough system protections. While the patch addressed immediate risks, the issue highlights potential future security concerns in the framework.
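
The file-handling weakness class described above (an access() check followed by a path-based open, with O_NOFOLLOW as the only symlink guard) is shown next to a hardened form in the following added example. It is not Apple's code or code from the original report; the function names weak_create, safe_create and demo and the /tmp scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: access() check, then open() by path. The directory can be
 * swapped between the two calls, and O_NOFOLLOW guards only the last component. */
int weak_create(const char *dir, const char *name) {
    char path[4096];
    if (access(dir, W_OK) != 0) return -1;
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
}

/* Hardened: pin the directory by descriptor, check it via fstat() on that same
 * descriptor, then create exclusively relative to it. `dir` itself must not be
 * a symlink; its parent components are assumed trusted. */
int safe_create(const char *dir, const char *name) {
    struct stat st;
    int fd = -1, dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;
    if (fstat(dfd, &st) == 0 && st.st_uid == geteuid() &&
        !(st.st_mode & (S_IWGRP | S_IWOTH)))
        fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    close(dfd);
    return fd;
}

/* Constructed scenario: <tmp>/link is a symlink to <tmp>/real.
 * Returns bit 0: weak path wrote through the link, bit 1: hardened path
 * refused the link, bit 2: hardened path works on the real directory. */
int demo(void) {
    char base[] = "/tmp/fio_demo_XXXXXX", real[64], lnk[64], f[96];
    int r = 0, fd, i;
    if (!mkdtemp(base)) return -1;
    snprintf(real, sizeof real, "%s/real", base);
    snprintf(lnk, sizeof lnk, "%s/link", base);
    if (mkdir(real, 0700) != 0 || symlink(real, lnk) != 0) return -1;
    if ((fd = weak_create(lnk, "a.log")) >= 0) { r |= 1; close(fd); }
    if ((fd = safe_create(lnk, "b.log")) < 0) r |= 2; else close(fd);
    if ((fd = safe_create(real, "c.log")) >= 0) { r |= 4; close(fd); }
    for (i = 0; i < 3; i++) { snprintf(f, sizeof f, "%s/%c.log", real, "abc"[i]); unlink(f); }
    unlink(lnk); rmdir(real); rmdir(base);
    return r;
}

int main(void) { int r = demo(); printf("result mask: %d\n", r); return r == 7 ? 0 : 1; }
```

A privileged writer whose target directory has untrusted parent components would additionally walk the path one component at a time with openat() and O_NOFOLLOW.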

RECOMMENDATION:

We strongly recommend that you update affected Apple products to the versions below:

  • iOS 16.5
  • macOS Ventura 13.4
  • tvOS 16.5
  • watchOS 9.5

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/20-years-old-macos-vulnerability/
