CVE-2023-42935: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen in Apple macOS
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.
AI Analysis
Technical Summary
CVE-2023-42935 is a vulnerability identified in Apple macOS that allows a local attacker with low privileges to view the desktop environment of the previously logged-in user from the fast user switching screen. The root cause is an authentication issue related to improper state management during user switching, which fails to adequately isolate the previous user's desktop session from the current login screen. This flaw enables unauthorized access to potentially sensitive information visible on the prior user's desktop without requiring any user interaction. The vulnerability affects macOS versions prior to Ventura 13.6.4, where Apple addressed the issue by improving authentication state management. The CVSS v3.1 base score is 5.5 (medium severity), reflecting the local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). There are no known exploits in the wild at this time. The vulnerability is classified under CWE-287 (Improper Authentication). Given the requirement for local access and low privileges, exploitation is limited to scenarios where an attacker already has some level of access to the system, such as a shared workstation or a compromised user account. The vulnerability primarily threatens confidentiality by exposing desktop content of the previous user, which may include sensitive documents, emails, or other private information.
Potential Impact
For European organizations, the primary impact of CVE-2023-42935 is the potential unauthorized disclosure of sensitive information due to exposure of the previous user's desktop environment. This can lead to data breaches, loss of privacy, and potential compliance violations under regulations such as GDPR if personal or confidential data is exposed. The vulnerability does not affect system integrity or availability, so operational disruption is unlikely. However, the confidentiality breach risk is significant in environments where multiple users share macOS devices or where local access, whether physical or through a remote session, is possible. Sectors such as finance, healthcare, government, and legal services in Europe, which often handle sensitive data on macOS devices, could be particularly impacted. The requirement for local access limits remote exploitation, but insider threats or attackers with physical access could leverage this vulnerability to gain unauthorized visibility into user data. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially in high-security environments.
Mitigation Recommendations
To mitigate CVE-2023-42935, European organizations should prioritize updating all affected macOS systems to Ventura 13.6.4 or later, where the vulnerability is patched. Implement strict access controls to limit local user accounts and restrict physical access to macOS devices, especially in shared or public environments. Employ endpoint security solutions that monitor and alert on unusual local user switching or session access activities. Educate users about the risks of leaving sessions unlocked or switching users without logging out. Consider deploying device encryption and screen lock policies to reduce data exposure risk. For environments with high security requirements, enforce multi-factor authentication and session timeout policies to minimize the window of opportunity for exploitation. Regularly audit macOS systems for compliance with security policies and ensure that all software updates are applied promptly. Finally, maintain an incident response plan that includes procedures for handling potential data exposure incidents stemming from local access vulnerabilities.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Norway, Denmark, Finland, Ireland, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: apple
- Date Reserved: 2023-09-14T19:05:11.470Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690a43a16d939959c8fde08c
Added to database: 11/4/2025, 6:19:13 PM
Last enriched: 11/4/2025, 6:38:00 PM
Last updated: 11/5/2025, 2:04:39 PM