CVE-2023-42874 is a security vulnerability identified in Apple macOS that affects the handling of secure text fields when using the Accessibility Keyboard in conjunction with a physical keyboard. Secure text fields are designed to mask sensitive input, such as passwords or other confidential information, to prevent unauthorized viewing. However, due to improper state management in macOS prior to version Sonoma 14.2, these secure fields could be displayed visibly through the Accessibility Keyboard interface. This means that when a user types into a secure text field using a physical keyboard, the contents could be exposed on the Accessibility Keyboard, which is intended as an assistive technology feature for users with disabilities. The vulnerability arises from the system failing to properly maintain the secure state of these text fields in this specific input context. Apple addressed this issue by improving state management in macOS Sonoma 14.2, ensuring that secure text fields remain obscured as intended. There are no known exploits actively targeting this vulnerability in the wild, and the affected versions are unspecified but include all macOS versions prior to 14.2. The vulnerability primarily impacts confidentiality, as it could lead to the unintended disclosure of sensitive information. Exploitation does not require elevated privileges or complex user interaction beyond enabling accessibility features and using a physical keyboard. This vulnerability is particularly relevant for environments where accessibility features are enabled and macOS devices are used for handling sensitive data.

For European organizations, the primary impact of CVE-2023-42874 is the potential exposure of sensitive information such as passwords or confidential input fields when accessibility features are enabled and physical keyboards are used. This could lead to unauthorized disclosure of credentials or other private data, increasing the risk of account compromise or data breaches. Organizations in sectors with high security requirements—such as finance, healthcare, and government—may face increased risk if employees use affected macOS devices with accessibility features enabled. The impact on integrity and availability is minimal, as the vulnerability does not allow modification or disruption of data or services. However, the confidentiality breach could facilitate further attacks, including phishing or lateral movement within networks. Since macOS is widely used in European countries with significant enterprise adoption, the scope of affected systems is considerable. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent potential exploitation.

1. Upgrade all macOS devices to version Sonoma 14.2 or later, where the vulnerability is fixed. 2. Review and restrict the use of the Accessibility Keyboard feature, especially in environments handling sensitive information. 3. Educate users about the risks of enabling accessibility features that may expose secure inputs and encourage disabling unnecessary assistive technologies. 4. Implement endpoint security solutions that monitor for unusual accessibility feature usage or unauthorized input device activity. 5. Conduct regular audits of macOS systems to ensure compliance with security policies and patch levels. 6. For highly sensitive environments, consider additional controls such as multi-factor authentication to mitigate the impact of potential credential exposure. 7. Monitor security advisories from Apple for any updates or additional patches related to this vulnerability.