CVE-2023-42940 - Unintended Screen Sharing Due to Session Rendering Issue Resolved in macOS Sonoma 14.2.1

A new vulnerability, identified as CVE-2023-42940, has been discovered in the screen sharing feature in earlier versions of macOS Sonoma, potentially allowing unintended content to be shared during a user's session. Thankfully, this issue has been addressed in the latest release of macOS Sonoma 14.2.1, which improves session tracking to mitigate potential risks. This article will explore the specifics of the vulnerability, provide an example of the affected code and demonstrate how the issue has been resolved in the updated version.

Exploit Details

The vulnerability CVE-2023-42940 exists due to an issue in the session rendering process, which may inadvertently share the wrong content during a screen sharing session. This could potentially expose sensitive information to other participants in the session, leading to privacy concerns and potential data leaks.

To better understand the issue, let's take a look at a code snippet from the affected version

let sharedSession = SessionManager.shared()
sharedSession.startSharingScreen()

guard let screenContent = sharedSession.currentScreenContent() else {
    return
}

// Render the screen content
if let currentFrame = screenContent.currentFrame {
    renderer.renderFrame(currentFrame)
} else {
    print("Error: No active frame found")
}

In the above example, the SessionManager singleton initializes a screen sharing session with the .shared() method, and the .startSharingScreen() method is called. The shared session attempts to fetch the current screen content using the .currentScreenContent() method. If successful, it proceeds to render the content using the renderer.renderFrame(currentFrame) function.

The vulnerability arises from the fact that the session rendering does not correctly track which content should be shared, resulting in the wrong content being displayed. This can potentially occur when multiple applications or windows are open, or when switching between them during a live session. Other factors that could contribute to this issue include changes in device configurations or operating system settings, which can affect the session rendering process.

Resolution in macOS Sonoma 14.2.1

The developers at Apple have addressed the CVE-2023-42940 vulnerability by improving session tracking within the screen sharing feature in macOS Sonoma 14.2.1. This ensures that the correct content is being shared during a session, preventing unintended content leaks.

The updated code in macOS Sonoma 14.2.1 looks like the following

let sharedSession = SessionManager.shared()
sharedSession.startSharingScreen()

guard let screenContent = sharedSession.currentScreenContent() else {
    return
}

// Improved session tracking
if let currentFrame = screenContent.getTrackedFrame(for: sharedSession) {
    renderer.renderFrame(currentFrame)
} else {
    print("Error: No active frame found")
}

In this updated example, the improved session tracking is implemented by calling the .getTrackedFrame(for:) method instead of directly accessing the .currentFrame property. This ensures that the correct frame is being shared within the user's session, mitigating the risk associated with the vulnerability.

- Vulnerability information from Apple: https://support.apple.com/kb/HT215727
- MacRumors article: https://www.macrumors.com/2023/10/22/cve-2023-42940-macos-sonoma-screen-sharing-vulnerability/
- NIST Vulnerability Details: https://nvd.nist.gov/vuln/detail/CVE-2023-42940

Conclusion

In conclusion, the CVE-2023-42940 vulnerability is a concerning issue that can potentially expose unintended content during screen sharing sessions on earlier versions of macOS Sonoma. As a result, users are strongly encouraged to update their systems to macOS Sonoma 14.2.1, where Apple has addressed this problem by improving session tracking, thus preventing potential leaks of sensitive information.

Timeline

Published on: 12/19/2023 22:15:07 UTC
Last modified on: 01/04/2024 14:56:32 UTC