CVE-2023-42974 is a race condition vulnerability in Apple’s iOS and iPadOS operating systems that allows a malicious app to execute arbitrary code with kernel privileges. The root cause is improper state handling leading to a race condition (CWE-362), which can be exploited to escalate privileges from a user-level app to kernel-level code execution. This vulnerability affects multiple Apple OS versions, including iOS 16.7.3, iOS 17.2, iPadOS 16.7.3, iPadOS 17.2, and macOS Monterey 12.7.2, Ventura 13.6.3, and Sonoma 14.2. The vulnerability was addressed by Apple through improved state handling in these updates. The CVSS v3.1 base score is 7.0, reflecting a high severity due to the potential for complete system compromise (confidentiality, integrity, and availability impacts are all high). The attack vector is local (AV:L), requiring the attacker to have local access to the device, with high attack complexity (AC:H) and requiring user interaction (UI:R). No privileges or authentication are required prior to exploitation (PR:N). While no known exploits are currently reported in the wild, the nature of the vulnerability means that a malicious app could leverage this flaw to gain kernel-level control, bypassing sandbox restrictions and potentially installing persistent malware or stealing sensitive data. This vulnerability is particularly critical for environments where iOS and iPadOS devices are used to access sensitive corporate or government information. The fix involves updating to the patched OS versions released by Apple. Organizations should prioritize patching devices to mitigate the risk of exploitation.

For European organizations, this vulnerability poses a significant risk due to the widespread use of Apple devices in both consumer and enterprise environments. Successful exploitation could lead to full system compromise, allowing attackers to bypass security controls, access sensitive data, and disrupt device availability. This is especially concerning for sectors such as finance, healthcare, government, and critical infrastructure, where confidentiality and integrity of data are paramount. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk, as phishing or malicious app distribution could facilitate attack vectors. The ability to execute code with kernel privileges could enable attackers to install persistent malware, conduct espionage, or disrupt operations. Given the high penetration of Apple devices in European businesses and government agencies, the potential impact is substantial if devices remain unpatched.

European organizations should immediately prioritize updating all affected Apple devices to the patched OS versions: iOS and iPadOS 16.7.3 and 17.2, and macOS Monterey 12.7.2, Ventura 13.6.3, and Sonoma 14.2. Beyond patching, organizations should enforce strict app installation policies, limiting app sources to trusted vendors and using Mobile Device Management (MDM) solutions to control app deployment. User education is critical to reduce the risk of social engineering attacks that could trigger user interaction required for exploitation. Employing endpoint detection and response (EDR) tools capable of monitoring for unusual kernel-level activity may help detect exploitation attempts. Regular audits of device compliance and security posture should be conducted. Additionally, organizations should review and tighten local access controls to prevent unauthorized physical or remote local access to devices. Finally, maintaining up-to-date backups and incident response plans will help mitigate damage if exploitation occurs.