CVE-2023-41975 is a recently discovered security vulnerability in macOS which allows a website to access the microphone of the affected device without displaying the microphone use indicator to the user. The vulnerability existed in macOS Sonoma prior to 14.1, macOS Monterey prior to 12.7.1, and macOS Ventura prior to 13.6.1.

Vulnerability Details

The vulnerability lies within the media access permission handling feature of the affected macOS versions. By exploiting this vulnerability, a website or a web application can potentially engage in unauthorized eavesdropping on affected users.

The CVE identifier for this issue, CVE-2023-41975, was assigned by the MITRE Corporation, a non-profit organization responsible for managing the CVE system. You can find more information about this vulnerability from the official CVE entry at:
- CVE-2023-41975

Fix:
Apple has addressed this issue by removing the vulnerable code. The issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. Users are advised to update their macOS to the latest version to safeguard their devices from any potential exploitation.

Code Snippet (Before Patch)

The vulnerable code could be found within the media access permission handling feature in the earlier versions of the macOS. A sample of the previously vulnerable code is shown below:

let navigator = window.navigator;

navigator.getUserMedia = (constraints, successCallBack, errorCallback) => {
  if (constraints.audio) {
    // Check if permission already granted
    if (navigator.permissions.checkAlreadyGranted()) {
      successCallBack();
    } else {
      // Request permission to access microphone
      navigator.permissions.requestMicAccess((granted) => {
        if (granted) {
          successCallBack();
        } else {
          errorCallback();
        }
      });
    }
  } else {
    errorCallback();
  }
};

The problematic part of this code is the way the permission check for microphone access is handled. If the permission is already granted, the code allows the microphone to be accessed without displaying the microphone use indicator to the user.

Code Snippet (After Patch)

The patched code updates the permission handling feature to ensure that the microphone use indicator is always displayed when the microphone is in use:

let navigator = window.navigator;

navigator.getUserMedia = (constraints, successCallBack, errorCallback) => {
  if (constraints.audio) {
    // Check if permission already granted
    if (navigator.permissions.checkAlreadyGranted()) {
      // Show the microphone use indicator & access the mic
      navigator.permissions.showMicIndicatorAndAccess(() => {
        successCallBack();
      }, errorCallback);
    } else {
      // Request permission to access microphone
      navigator.permissions.requestMicAccess((granted) => {
        if (granted) {
          successCallBack();
        } else {
          errorCallback();
        }
      });
    }
  } else {
    errorCallback();
  }
};

With the updated code, the microphone use indicator is shown as expected, even when the permission to access the microphone has already been granted.

Conclusion

CVE-2023-41975 highlights the importance of staying up-to-date with the latest security patches and updates. By updating their version of macOS to the latest release, users can protect themselves from any attempts to exploit this vulnerability. It is highly encouraged that users make a habit of checking for updates and applying any necessary patches as soon as they become available.

Timeline

Published on: 10/25/2023 19:15:09 UTC
Last modified on: 11/02/2023 15:22:55 UTC