Vulnerability-Lookup

CVE-2023-41991 (GCVE-0-2023-41991)

Vulnerability from cvelistv5 – Published: 2023-09-21 18:23 – Updated: 2025-11-04 19:21

CISA KEV

Summary

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Assigner

apple

References

2 references

URL	Tags
https://support.apple.com/en-us/HT213927
https://support.apple.com/en-us/HT213931

Impacted products

2 products

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: unspecified , < 16.7 (custom)
Apple	macOS	Affected: unspecified , < 13.6 (custom)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: a783545e-dcb5-4a07-8f61-3d1603939e20

Vulnerability ID: CVE-2023-41991

Status: Confirmed

Status Updated: 2023-09-25 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2023-09-25

Asserted: 2023-09-25

Scope

Notes: KEV entry: Apple Multiple Products Improper Certificate Validation Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213928, https://support.apple.com/en-us/HT213929, https://support.apple.com/en-us/HT213931 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41991

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-295
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Multiple Products
Due Date	2023-10-16
Date Added	2023-09-25
Vendorproject	Apple
Vulnerabilityname	Apple Multiple Products Improper Certificate Validation Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2023-41991

Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:21:39.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213927"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213931"
          },
          {
            "url": "https://support.apple.com/kb/HT213931"
          },
          {
            "url": "https://support.apple.com/kb/HT213927"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-41991",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T15:13:21.191475Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-09-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:37.441Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-09-25T00:00:00.000Z",
            "value": "CVE-2023-41991 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-10T22:03:18.435Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213927"
        },
        {
          "url": "https://support.apple.com/en-us/HT213931"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-41991",
    "datePublished": "2023-09-21T18:23:48.974Z",
    "dateReserved": "2023-09-06T17:40:06.142Z",
    "dateUpdated": "2025-11-04T19:21:39.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-41991",
      "cwes": "[\"CWE-295\"]",
      "dateAdded": "2023-09-25",
      "dueDate": "2023-10-16",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213928, https://support.apple.com/en-us/HT213929, https://support.apple.com/en-us/HT213931 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-41991",
      "product": "Multiple Products",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple Multiple Products Improper Certificate Validation Vulnerability"
    },
    "epss": {
      "cve": "CVE-2023-41991",
      "date": "2026-05-14",
      "epss": "0.039",
      "percentile": "0.88391"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-10-16",
      "cisaExploitAdd": "2023-09-25",
      "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "cisaVulnerabilityName": "Apple Multiple Products Improper Certificate Validation Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"16.7\", \"matchCriteriaId\": \"1CEB5BA1-7092-4ADE-B19F-FD34CB53CCC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:17.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD0EE39C-DEC4-475C-8661-5BD76457A39E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"16.7\", \"matchCriteriaId\": \"3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"502CD624-FA22-4C7B-9CA3-53CA938BE1AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.6\", \"matchCriteriaId\": \"7A78DA60-AE3B-4B3C-B338-97DAFABEBB1F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.\"}, {\"lang\": \"es\", \"value\": \"Se solucion\\u00f3 un problema de validaci\\u00f3n de certificados. Este problema se solucion\\u00f3 en macOS Ventura 13.6, iOS 16.7 y iPadOS 16.7. Es posible que una aplicaci\\u00f3n maliciosa pueda eludir la validaci\\u00f3n de firmas. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7.\"}]",
      "id": "CVE-2023-41991",
      "lastModified": "2024-11-29T14:41:00.430",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2023-09-21T19:15:11.283",
      "references": "[{\"url\": \"https://support.apple.com/en-us/HT213927\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213931\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213927\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213931\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-41991\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2023-09-21T19:15:11.283\",\"lastModified\":\"2025-11-05T19:18:21.780\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 un problema de validaci\u00f3n de certificados. Este problema se solucion\u00f3 en macOS Ventura 13.6, iOS 16.7 y iPadOS 16.7. Es posible que una aplicaci\u00f3n maliciosa pueda eludir la validaci\u00f3n de firmas. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"cisaExploitAdd\":\"2023-09-25\",\"cisaActionDue\":\"2023-10-16\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Apple Multiple Products Improper Certificate Validation Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.7\",\"matchCriteriaId\":\"1CEB5BA1-7092-4ADE-B19F-FD34CB53CCC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD0EE39C-DEC4-475C-8661-5BD76457A39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.7\",\"matchCriteriaId\":\"3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"502CD624-FA22-4C7B-9CA3-53CA938BE1AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.6\",\"matchCriteriaId\":\"7A78DA60-AE3B-4B3C-B338-97DAFABEBB1F\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213927\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213931\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213927\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213927\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213927\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213931\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT213931\"}, {\"url\": \"https://support.apple.com/kb/HT213927\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T19:21:39.550Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-41991\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T15:13:21.191475Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-09-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-09-25T00:00:00.000Z\", \"value\": \"CVE-2023-41991 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T13:55:14.143Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"16.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"13.6\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213927\"}, {\"url\": \"https://support.apple.com/en-us/HT213931\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2024-01-10T22:03:18.435Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-41991\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T19:21:39.550Z\", \"dateReserved\": \"2023-09-06T17:40:06.142Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2023-09-21T18:23:48.974Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2023-41991

Vulnerability from fkie_nvd - Published: 2023-09-21 19:15 - Updated: 2025-11-05 19:18

CISA KEV

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT213927	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213931	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213927	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213931	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213927	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213931	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991	US Government Resource

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	ipados	17.0
apple	iphone_os	*
apple	iphone_os	17.0
apple	macos	*

JSON

To clipboard

{
  "cisaActionDue": "2023-10-16",
  "cisaExploitAdd": "2023-09-25",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Apple Multiple Products Improper Certificate Validation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CEB5BA1-7092-4ADE-B19F-FD34CB53CCC3",
              "versionEndExcluding": "16.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0EE39C-DEC4-475C-8661-5BD76457A39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F",
              "versionEndExcluding": "16.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "502CD624-FA22-4C7B-9CA3-53CA938BE1AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A78DA60-AE3B-4B3C-B338-97DAFABEBB1F",
              "versionEndExcluding": "13.6",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
    },
    {
      "lang": "es",
      "value": "Se solucion\u00f3 un problema de validaci\u00f3n de certificados. Este problema se solucion\u00f3 en macOS Ventura 13.6, iOS 16.7 y iPadOS 16.7. Es posible que una aplicaci\u00f3n maliciosa pueda eludir la validaci\u00f3n de firmas. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
    }
  ],
  "id": "CVE-2023-41991",
  "lastModified": "2025-11-05T19:18:21.780",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-09-21T19:15:11.283",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213927"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213931"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2023-AVI-0772

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions 16.x antérieures à 16.7
Apple	Safari	Safari versions antérieures à 16.6.1
Apple	macOS	macOS Monterey versions antérieures à 12.7
Apple	N/A	watchOS versions antérieures à 10.0.1
Apple	N/A	iPadOS versions 16.x antérieures à 16.7
Apple	macOS	macOS Ventura versions antérieures à 13.6
Apple	N/A	watchOS versions antérieures à 9.6.3
Apple	N/A	iPadOS versions 17.x antérieures à 17.0.1
Apple	N/A	iOS versions 17.x antérieures à 17.0.1

References

Title

Publication Time

CERTFR-2023-AVI-0772

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions 16.x antérieures à 16.7
Apple	Safari	Safari versions antérieures à 16.6.1
Apple	macOS	macOS Monterey versions antérieures à 12.7
Apple	N/A	watchOS versions antérieures à 10.0.1
Apple	N/A	iPadOS versions 16.x antérieures à 16.7
Apple	macOS	macOS Ventura versions antérieures à 13.6
Apple	N/A	watchOS versions antérieures à 9.6.3
Apple	N/A	iPadOS versions 17.x antérieures à 17.0.1
Apple	N/A	iOS versions 17.x antérieures à 17.0.1

References

Title

Publication Time

tid-213

Vulnerability from emb3d

Type

system-software

Link

Show details on source website

Description

To avoid the weaknesses of a shared secret verification (see TID-212), devices may utilize a digital signature verification scheme based on asymmetric public key cryptography. However, if the device does not correctly verify a firmware/software signature correctly, a threat actor can bypass the device’s authenticity checking mechanisms to upload malicious or corrupt version. The unauthorized firmware could “brick” the device, preventing it from being reset. This could also be used to install malicious logic on the device. NOTE: firmware/software signature here refers to processes that use cryptographic keys to verify firmware integrity and origin. These can include keyed hashes and/or asymmetric key signing. This does not include encrypting firmware with no other integrity verification mechanisms in-place.

CWE

CWE-347: Improper Verification of Cryptographic Signature

tid-316

Vulnerability from emb3d

Type

application-software

Link

Show details on source website

Description

Certificate-based authentication depends on the correct parsing and validation of an X.509 certificate. However, if the certificate is not properly parsed and all fields are not validated, a threat actor could potentially bypass authentication using a fraudulent certificate.

CWE

CWE-295: Improper Certificate Validation

GSD-2023-41991

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-41991

Aliases

CVE-2023-41991

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-41991",
    "id": "GSD-2023-41991"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-41991"
      ],
      "details": "A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",
      "id": "GSD-2023-41991",
      "modified": "2023-12-13T01:20:45.177565Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2023-41991",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "16.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "13.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT213927",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213927"
          },
          {
            "name": "https://support.apple.com/en-us/HT213931",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213931"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2023-10-16",
        "cisaExploitAdd": "2023-09-25",
        "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
        "cisaVulnerabilityName": "Apple Multiple Products Improper Certificate Validation Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1CEB5BA1-7092-4ADE-B19F-FD34CB53CCC3",
                    "versionEndExcluding": "16.7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:ipados:17.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FD0EE39C-DEC4-475C-8661-5BD76457A39E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F",
                    "versionEndExcluding": "16.7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "502CD624-FA22-4C7B-9CA3-53CA938BE1AB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7A78DA60-AE3B-4B3C-B338-97DAFABEBB1F",
                    "versionEndExcluding": "13.6",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
          },
          {
            "lang": "es",
            "value": "Se solucion\u00f3 un problema de validaci\u00f3n de certificados. Este problema se solucion\u00f3 en macOS Ventura 13.6, iOS 16.7 y iPadOS 16.7. Es posible que una aplicaci\u00f3n maliciosa pueda eludir la validaci\u00f3n de firmas. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
          }
        ],
        "id": "CVE-2023-41991",
        "lastModified": "2024-01-10T22:15:49.337",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-09-21T19:15:11.283",
        "references": [
          {
            "source": "product-security@apple.com",
            "tags": [
              "Release Notes",
              "Vendor Advisory"
            ],
            "url": "https://support.apple.com/en-us/HT213927"
          },
          {
            "source": "product-security@apple.com",
            "tags": [
              "Release Notes",
              "Vendor Advisory"
            ],
            "url": "https://support.apple.com/en-us/HT213931"
          }
        ],
        "sourceIdentifier": "product-security@apple.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-295"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

GHSA-FJ3M-2R8F-M4X9

Vulnerability from github – Published: 2023-09-21 21:31 – Updated: 2025-11-04 21:30

Details

A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-41991"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-21T19:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",
  "id": "GHSA-fj3m-2r8f-m4x9",
  "modified": "2025-11-04T21:30:39Z",
  "published": "2023-09-21T21:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41991"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213926"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213927"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213928"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213929"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213931"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213926"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213927"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213931"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/5"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Sep/14"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Sep/15"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Sep/16"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Sep/17"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Sep/19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2023-2453

Vulnerability from csaf_certbund - Published: 2023-09-26 22:00 - Updated: 2025-04-13 22:00

Summary

Apple macOS: Mehrere Schwachstellen

Severity

Kritisch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff: Ein entfernter oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Rechte zu erweitern oder Daten zu manipulieren.

Betroffene Betriebssysteme: - MacOS X

CVE-2023-23495

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-29497

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-32361

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-32377

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-32396

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-32421

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-35074

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-35984

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-35990

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-37448

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-38586

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-38596

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-3860

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-38607

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-38615

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-39233

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-39434

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40384

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40386

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40388

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40391

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40393

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40395

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40396

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40399

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40400

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40402

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40403

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40406

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40407

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40409

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40410

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40411

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40412

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40417

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40420

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40422

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40424

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40426

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40427

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40429

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40430

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40432

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40434

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40436

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40438

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40441

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40448

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40450

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40452

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40454

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40455

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-40541

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41063

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41065

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41066

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41067

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41070

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41071

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41073

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41074

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41076

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41078

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41079

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41232

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41968

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41979

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41980

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41981

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41984

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41986

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41987

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41991

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41992

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41993

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41994

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41995

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-41996

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42826

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42876

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42918

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42929

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42933

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42934

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42943

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42948

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42949

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42957

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42959

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42961

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42969

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42970

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42977

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42981

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42982

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

CVE-2023-42983

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Ventura <13.6 Apple / macOS		Ventura <13.6
Apple macOS Sonoma <14 Apple / macOS		Sonoma <14
Apple macOS Monterey <12.7 Apple / macOS		Monterey <12.7

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.apple.com/en-us/HT213931	external
https://support.apple.com/en-us/HT213932	external
https://support.apple.com/en-us/HT213940	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern oder Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2453 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2453.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2453 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2453"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2023-09-26",
        "url": "https://support.apple.com/en-us/HT213931"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2023-09-26",
        "url": "https://support.apple.com/en-us/HT213932"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2023-09-26",
        "url": "https://support.apple.com/en-us/HT213940"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple macOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-13T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-14T08:21:12.074+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2023-2453",
      "initial_release_date": "2023-09-26T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-26T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-10-25T22:00:00.000+00:00",
          "number": "2",
          "summary": "CVE erg\u00e4nzt"
        },
        {
          "date": "2024-01-22T23:00:00.000+00:00",
          "number": "3",
          "summary": "CVE\u0027s erg\u00e4nzt"
        },
        {
          "date": "2025-04-13T22:00:00.000+00:00",
          "number": "4",
          "summary": "CVE-Nummern erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Ventura \u003c13.6",
                "product": {
                  "name": "Apple macOS Ventura \u003c13.6",
                  "product_id": "T030093"
                }
              },
              {
                "category": "product_version",
                "name": "Ventura 13.6",
                "product": {
                  "name": "Apple macOS Ventura 13.6",
                  "product_id": "T030093-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:ventura__13.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Monterey \u003c12.7",
                "product": {
                  "name": "Apple macOS Monterey \u003c12.7",
                  "product_id": "T030094"
                }
              },
              {
                "category": "product_version",
                "name": "Monterey 12.7",
                "product": {
                  "name": "Apple macOS Monterey 12.7",
                  "product_id": "T030094-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:monterey__12.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Sonoma \u003c14",
                "product": {
                  "name": "Apple macOS Sonoma \u003c14",
                  "product_id": "T030095"
                }
              },
              {
                "category": "product_version",
                "name": "Sonoma 14",
                "product": {
                  "name": "Apple macOS Sonoma 14",
                  "product_id": "T030095-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:sonoma__14"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "macOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23495",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-23495"
    },
    {
      "cve": "CVE-2023-29497",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-29497"
    },
    {
      "cve": "CVE-2023-32361",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-32361"
    },
    {
      "cve": "CVE-2023-32377",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-32377"
    },
    {
      "cve": "CVE-2023-32396",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-32396"
    },
    {
      "cve": "CVE-2023-32421",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-32421"
    },
    {
      "cve": "CVE-2023-35074",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-35074"
    },
    {
      "cve": "CVE-2023-35984",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-35984"
    },
    {
      "cve": "CVE-2023-35990",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-35990"
    },
    {
      "cve": "CVE-2023-37448",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-37448"
    },
    {
      "cve": "CVE-2023-38586",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-38586"
    },
    {
      "cve": "CVE-2023-38596",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-38596"
    },
    {
      "cve": "CVE-2023-3860",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-3860"
    },
    {
      "cve": "CVE-2023-38607",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-38607"
    },
    {
      "cve": "CVE-2023-38615",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-38615"
    },
    {
      "cve": "CVE-2023-39233",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-39233"
    },
    {
      "cve": "CVE-2023-39434",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-39434"
    },
    {
      "cve": "CVE-2023-40384",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40384"
    },
    {
      "cve": "CVE-2023-40386",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40386"
    },
    {
      "cve": "CVE-2023-40388",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40388"
    },
    {
      "cve": "CVE-2023-40391",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40391"
    },
    {
      "cve": "CVE-2023-40393",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40393"
    },
    {
      "cve": "CVE-2023-40395",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40395"
    },
    {
      "cve": "CVE-2023-40396",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40396"
    },
    {
      "cve": "CVE-2023-40399",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40399"
    },
    {
      "cve": "CVE-2023-40400",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40400"
    },
    {
      "cve": "CVE-2023-40402",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40402"
    },
    {
      "cve": "CVE-2023-40403",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40403"
    },
    {
      "cve": "CVE-2023-40406",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40406"
    },
    {
      "cve": "CVE-2023-40407",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40407"
    },
    {
      "cve": "CVE-2023-40409",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40409"
    },
    {
      "cve": "CVE-2023-40410",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40410"
    },
    {
      "cve": "CVE-2023-40411",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40411"
    },
    {
      "cve": "CVE-2023-40412",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40412"
    },
    {
      "cve": "CVE-2023-40417",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40417"
    },
    {
      "cve": "CVE-2023-40420",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40420"
    },
    {
      "cve": "CVE-2023-40422",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40422"
    },
    {
      "cve": "CVE-2023-40424",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40424"
    },
    {
      "cve": "CVE-2023-40426",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40426"
    },
    {
      "cve": "CVE-2023-40427",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40427"
    },
    {
      "cve": "CVE-2023-40429",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40429"
    },
    {
      "cve": "CVE-2023-40430",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40430"
    },
    {
      "cve": "CVE-2023-40432",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40432"
    },
    {
      "cve": "CVE-2023-40434",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40434"
    },
    {
      "cve": "CVE-2023-40436",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40436"
    },
    {
      "cve": "CVE-2023-40438",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40438"
    },
    {
      "cve": "CVE-2023-40441",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40441"
    },
    {
      "cve": "CVE-2023-40448",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40448"
    },
    {
      "cve": "CVE-2023-40450",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40450"
    },
    {
      "cve": "CVE-2023-40452",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40452"
    },
    {
      "cve": "CVE-2023-40454",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40454"
    },
    {
      "cve": "CVE-2023-40455",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40455"
    },
    {
      "cve": "CVE-2023-40541",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40541"
    },
    {
      "cve": "CVE-2023-41063",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41063"
    },
    {
      "cve": "CVE-2023-41065",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41065"
    },
    {
      "cve": "CVE-2023-41066",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41066"
    },
    {
      "cve": "CVE-2023-41067",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41067"
    },
    {
      "cve": "CVE-2023-41070",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41070"
    },
    {
      "cve": "CVE-2023-41071",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41071"
    },
    {
      "cve": "CVE-2023-41073",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41073"
    },
    {
      "cve": "CVE-2023-41074",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41074"
    },
    {
      "cve": "CVE-2023-41076",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41076"
    },
    {
      "cve": "CVE-2023-41078",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41078"
    },
    {
      "cve": "CVE-2023-41079",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41079"
    },
    {
      "cve": "CVE-2023-41232",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41232"
    },
    {
      "cve": "CVE-2023-41968",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41968"
    },
    {
      "cve": "CVE-2023-41979",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41979"
    },
    {
      "cve": "CVE-2023-41980",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41980"
    },
    {
      "cve": "CVE-2023-41981",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41981"
    },
    {
      "cve": "CVE-2023-41984",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41984"
    },
    {
      "cve": "CVE-2023-41986",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41986"
    },
    {
      "cve": "CVE-2023-41987",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41987"
    },
    {
      "cve": "CVE-2023-41991",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41991"
    },
    {
      "cve": "CVE-2023-41992",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41992"
    },
    {
      "cve": "CVE-2023-41993",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41993"
    },
    {
      "cve": "CVE-2023-41994",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41994"
    },
    {
      "cve": "CVE-2023-41995",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41995"
    },
    {
      "cve": "CVE-2023-41996",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41996"
    },
    {
      "cve": "CVE-2023-42826",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42826"
    },
    {
      "cve": "CVE-2023-42876",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42876"
    },
    {
      "cve": "CVE-2023-42918",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42918"
    },
    {
      "cve": "CVE-2023-42929",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42929"
    },
    {
      "cve": "CVE-2023-42933",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42933"
    },
    {
      "cve": "CVE-2023-42934",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42934"
    },
    {
      "cve": "CVE-2023-42943",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42943"
    },
    {
      "cve": "CVE-2023-42948",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42948"
    },
    {
      "cve": "CVE-2023-42949",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42949"
    },
    {
      "cve": "CVE-2023-42957",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42957"
    },
    {
      "cve": "CVE-2023-42959",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42959"
    },
    {
      "cve": "CVE-2023-42961",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42961"
    },
    {
      "cve": "CVE-2023-42969",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42969"
    },
    {
      "cve": "CVE-2023-42970",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42970"
    },
    {
      "cve": "CVE-2023-42977",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42977"
    },
    {
      "cve": "CVE-2023-42981",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42981"
    },
    {
      "cve": "CVE-2023-42982",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42982"
    },
    {
      "cve": "CVE-2023-42983",
      "product_status": {
        "known_affected": [
          "T030093",
          "T030095",
          "T030094"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42983"
    }
  ]
}

WID-SEC-W-2023-2454

Vulnerability from csaf_certbund - Published: 2023-09-26 22:00 - Updated: 2025-04-13 22:00

Summary

Apple iOS und iPadOS: Mehrere Schwachstellen

Severity

Kritisch

Notes

Produktbeschreibung: Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch. Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren oder seine Privilegien zu erweitern.

Betroffene Betriebssysteme: - iPhoneOS

CVE-2023-32361

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-32396

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-35074

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-35984

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-35990

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-38596

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-38610

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-38612

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-38614

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-39434

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40384

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40385

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40391

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40395

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40399

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40400

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40403

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40409

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40410

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40412

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40414

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40417

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40419

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40420

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40424

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40427

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40428

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40429

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40431

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40432

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40434

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40441

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40443

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40448

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40452

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40454

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40456

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40520

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40528

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-40529

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41060

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41063

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41065

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41068

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41069

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41070

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41071

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41073

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41074

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41174

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41232

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41968

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41974

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41980

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41981

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41984

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41986

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41991

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41992

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41993

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-41995

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42833

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42870

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42871

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42872

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42875

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42925

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42934

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42949

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42957

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42961

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42969

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42970

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42973

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

CVE-2023-42977

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <16.7 Apple / iOS		<16.7
Apple iPadOS <17 Apple / iPadOS		<17
Apple iPadOS <16.7 Apple / iPadOS		<16.7
Apple iOS <17 Apple / iOS		<17

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.apple.com/en-us/HT213927	external
https://support.apple.com/en-us/HT213938	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen preiszugeben, Dateien zu manipulieren oder seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2454 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2454.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2454 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2454"
      },
      {
        "category": "external",
        "summary": "Apple Security Update vom 2023-09-26",
        "url": "https://support.apple.com/en-us/HT213927"
      },
      {
        "category": "external",
        "summary": "Apple Security Update vom 2023-09-26",
        "url": "https://support.apple.com/en-us/HT213938"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple iOS und iPadOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-13T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-14T08:21:12.759+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2023-2454",
      "initial_release_date": "2023-09-26T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-26T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-09-28T22:00:00.000+00:00",
          "number": "2",
          "summary": "Korrektur"
        },
        {
          "date": "2024-01-22T23:00:00.000+00:00",
          "number": "3",
          "summary": "CVE\u0027s erg\u00e4nzt"
        },
        {
          "date": "2025-04-13T22:00:00.000+00:00",
          "number": "4",
          "summary": "CVE-Nummern erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c16.7",
                "product": {
                  "name": "Apple iOS \u003c16.7",
                  "product_id": "T030084"
                }
              },
              {
                "category": "product_version",
                "name": "16.7",
                "product": {
                  "name": "Apple iOS 16.7",
                  "product_id": "T030084-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:16.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c17",
                "product": {
                  "name": "Apple iOS \u003c17",
                  "product_id": "T030087"
                }
              },
              {
                "category": "product_version",
                "name": "17",
                "product": {
                  "name": "Apple iOS 17",
                  "product_id": "T030087-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:17"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c16.7",
                "product": {
                  "name": "Apple iPadOS \u003c16.7",
                  "product_id": "T030085"
                }
              },
              {
                "category": "product_version",
                "name": "16.7",
                "product": {
                  "name": "Apple iPadOS 16.7",
                  "product_id": "T030085-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:16.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c17",
                "product": {
                  "name": "Apple iPadOS \u003c17",
                  "product_id": "T030086"
                }
              },
              {
                "category": "product_version",
                "name": "17",
                "product": {
                  "name": "Apple iPadOS 17",
                  "product_id": "T030086-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:17"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-32361",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-32361"
    },
    {
      "cve": "CVE-2023-32396",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-32396"
    },
    {
      "cve": "CVE-2023-35074",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-35074"
    },
    {
      "cve": "CVE-2023-35984",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-35984"
    },
    {
      "cve": "CVE-2023-35990",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-35990"
    },
    {
      "cve": "CVE-2023-38596",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-38596"
    },
    {
      "cve": "CVE-2023-38610",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-38610"
    },
    {
      "cve": "CVE-2023-38612",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-38612"
    },
    {
      "cve": "CVE-2023-38614",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-38614"
    },
    {
      "cve": "CVE-2023-39434",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-39434"
    },
    {
      "cve": "CVE-2023-40384",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40384"
    },
    {
      "cve": "CVE-2023-40385",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40385"
    },
    {
      "cve": "CVE-2023-40391",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40391"
    },
    {
      "cve": "CVE-2023-40395",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40395"
    },
    {
      "cve": "CVE-2023-40399",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40399"
    },
    {
      "cve": "CVE-2023-40400",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40400"
    },
    {
      "cve": "CVE-2023-40403",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40403"
    },
    {
      "cve": "CVE-2023-40409",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40409"
    },
    {
      "cve": "CVE-2023-40410",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40410"
    },
    {
      "cve": "CVE-2023-40412",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40412"
    },
    {
      "cve": "CVE-2023-40414",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40414"
    },
    {
      "cve": "CVE-2023-40417",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40417"
    },
    {
      "cve": "CVE-2023-40419",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40419"
    },
    {
      "cve": "CVE-2023-40420",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40420"
    },
    {
      "cve": "CVE-2023-40424",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40424"
    },
    {
      "cve": "CVE-2023-40427",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40427"
    },
    {
      "cve": "CVE-2023-40428",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40428"
    },
    {
      "cve": "CVE-2023-40429",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40429"
    },
    {
      "cve": "CVE-2023-40431",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40431"
    },
    {
      "cve": "CVE-2023-40432",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40432"
    },
    {
      "cve": "CVE-2023-40434",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40434"
    },
    {
      "cve": "CVE-2023-40441",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40441"
    },
    {
      "cve": "CVE-2023-40443",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40443"
    },
    {
      "cve": "CVE-2023-40448",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40448"
    },
    {
      "cve": "CVE-2023-40452",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40452"
    },
    {
      "cve": "CVE-2023-40454",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40454"
    },
    {
      "cve": "CVE-2023-40456",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40456"
    },
    {
      "cve": "CVE-2023-40520",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40520"
    },
    {
      "cve": "CVE-2023-40528",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40528"
    },
    {
      "cve": "CVE-2023-40529",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-40529"
    },
    {
      "cve": "CVE-2023-41060",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41060"
    },
    {
      "cve": "CVE-2023-41063",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41063"
    },
    {
      "cve": "CVE-2023-41065",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41065"
    },
    {
      "cve": "CVE-2023-41068",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41068"
    },
    {
      "cve": "CVE-2023-41069",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41069"
    },
    {
      "cve": "CVE-2023-41070",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41070"
    },
    {
      "cve": "CVE-2023-41071",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41071"
    },
    {
      "cve": "CVE-2023-41073",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41073"
    },
    {
      "cve": "CVE-2023-41074",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41074"
    },
    {
      "cve": "CVE-2023-41174",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41174"
    },
    {
      "cve": "CVE-2023-41232",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41232"
    },
    {
      "cve": "CVE-2023-41968",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41968"
    },
    {
      "cve": "CVE-2023-41974",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41974"
    },
    {
      "cve": "CVE-2023-41980",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41980"
    },
    {
      "cve": "CVE-2023-41981",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41981"
    },
    {
      "cve": "CVE-2023-41984",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41984"
    },
    {
      "cve": "CVE-2023-41986",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41986"
    },
    {
      "cve": "CVE-2023-41991",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41991"
    },
    {
      "cve": "CVE-2023-41992",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41992"
    },
    {
      "cve": "CVE-2023-41993",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41993"
    },
    {
      "cve": "CVE-2023-41995",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-41995"
    },
    {
      "cve": "CVE-2023-42833",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42833"
    },
    {
      "cve": "CVE-2023-42870",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42870"
    },
    {
      "cve": "CVE-2023-42871",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42871"
    },
    {
      "cve": "CVE-2023-42872",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42872"
    },
    {
      "cve": "CVE-2023-42875",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42875"
    },
    {
      "cve": "CVE-2023-42925",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42925"
    },
    {
      "cve": "CVE-2023-42934",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42934"
    },
    {
      "cve": "CVE-2023-42949",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42949"
    },
    {
      "cve": "CVE-2023-42957",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42957"
    },
    {
      "cve": "CVE-2023-42961",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42961"
    },
    {
      "cve": "CVE-2023-42969",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42969"
    },
    {
      "cve": "CVE-2023-42970",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42970"
    },
    {
      "cve": "CVE-2023-42973",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42973"
    },
    {
      "cve": "CVE-2023-42977",
      "product_status": {
        "known_affected": [
          "T030084",
          "T030086",
          "T030085",
          "T030087"
        ]
      },
      "release_date": "2023-09-26T22:00:00.000+00:00",
      "title": "CVE-2023-42977"
    }
  ]
}

WID-SEC-W-2023-2427

Vulnerability from csaf_certbund - Published: 2023-09-21 22:00 - Updated: 2023-09-21 22:00

Summary

Apple iOS: Mehrere Schwachstellen

Severity

Hoch

Notes

Angriff: Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Sicherheitsmaßnahmen zu umgehen, seine Privilegien zu erweitern oder beliebigen Code auszuführen.

Betroffene Betriebssysteme: - iPhoneOS

CVE-2023-41993

Es besteht eine Schwachstelle in Apple iOS und Apple iPadOS. Dieser Fehler besteht in der WebKit-Komponente während der Verarbeitung von Webinhalten aufgrund unsachgemäßer Prüfungen. Ein entfernter Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

CVE-2023-41992

Es besteht eine Schwachstelle in Apple iOS und Apple iPadOS. Dieser Fehler besteht in der Kernel-Komponente aufgrund einer unsachgemäßen Überprüfung. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern.

CVE-2023-41991

Es besteht eine Schwachstelle in Apple iOS und Apple iPadOS. Dieser Fehler besteht in der Sicherheitskomponente aufgrund einer unsachgemäßen Zertifikatsvalidierung. Ein entfernter Angreifer kann über eine bösartige Anwendung diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://isc.sans.edu/diary/rss/30238	external
https://support.apple.com/en-us/HT213927	external
https://support.apple.com/en-us/HT213926	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern oder beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2427 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2427.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2427 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2427"
      },
      {
        "category": "external",
        "summary": "Tatsache der Ausbeutung",
        "url": "https://isc.sans.edu/diary/rss/30238"
      },
      {
        "category": "external",
        "summary": "Apple Security Update vom 2023-09-21",
        "url": "https://support.apple.com/en-us/HT213927"
      },
      {
        "category": "external",
        "summary": "Apple Security Update vom 2023-09-21",
        "url": "https://support.apple.com/en-us/HT213926"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple iOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-09-21T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:58:46.274+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2427",
      "initial_release_date": "2023-09-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Apple iOS \u003c 17.0.1",
                "product": {
                  "name": "Apple iOS \u003c 17.0.1",
                  "product_id": "T030027",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:17.0.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Apple iOS \u003c 16.7",
                "product": {
                  "name": "Apple iOS \u003c 16.7",
                  "product_id": "T030028",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:16.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iOS"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Apple iPadOS \u003c 17.0.1",
                "product": {
                  "name": "Apple iPadOS \u003c 17.0.1",
                  "product_id": "T030029",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:17.0.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Apple iPadOS \u003c 16.7",
                "product": {
                  "name": "Apple iPadOS \u003c 16.7",
                  "product_id": "T030030",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:16.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-41993",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Apple iOS und Apple iPadOS. Dieser Fehler besteht in der WebKit-Komponente w\u00e4hrend der Verarbeitung von Webinhalten aufgrund unsachgem\u00e4\u00dfer Pr\u00fcfungen. Ein entfernter Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-09-21T22:00:00.000+00:00",
      "title": "CVE-2023-41993"
    },
    {
      "cve": "CVE-2023-41992",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Apple iOS und Apple iPadOS. Dieser Fehler besteht in der Kernel-Komponente aufgrund einer unsachgem\u00e4\u00dfen \u00dcberpr\u00fcfung. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "release_date": "2023-09-21T22:00:00.000+00:00",
      "title": "CVE-2023-41992"
    },
    {
      "cve": "CVE-2023-41991",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Apple iOS und Apple iPadOS. Dieser Fehler besteht in der Sicherheitskomponente aufgrund einer unsachgem\u00e4\u00dfen Zertifikatsvalidierung. Ein entfernter Angreifer kann \u00fcber eine b\u00f6sartige Anwendung diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-21T22:00:00.000+00:00",
      "title": "CVE-2023-41991"
    }
  ]
}

BDU:2023-06111

Vulnerability from fstec - Published: 06.09.2023

Title

Уязвимость компонента Security операционных систем iOS, watchOS, iPadOS и macOS, позволяющая нарушителю обойти проверку цифровой подписи

Description

Уязвимость компонента Security операционных систем iOS, watchOS, iPadOS и macOS связана с ошибками процедуры подтверждения подлинности сертификата. Эксплуатация уязвимости может позволить нарушителю обойти проверку цифровой подписи

Severity ?


                    
                      AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Vendor

Apple Inc.

Software Name

iOS, iPadOS, MacOS, watchOS

Software Version

до 16.7 (iOS), 17.0 (iOS), 17.0 (iPadOS), до 16.7 (iPadOS), Ventura до 13.6 (MacOS), до 9.6.3 (watchOS), 10.0 (watchOS)

Possible Mitigations

Использование рекомендаций: https://support.apple.com/en-us/HT213926 https://support.apple.com/en-us/HT213927 https://support.apple.com/en-us/HT213928 https://support.apple.com/en-us/HT213929 https://support.apple.com/en-us/HT213931

Reference

https://www.securitylab.ru/news/542129.php https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/ https://vuldb.com/ru/?id.240160 https://xakep.ru/2023/09/25/apple-predator/ http://seclists.org/fulldisclosure/2023/Sep/14 http://seclists.org/fulldisclosure/2023/Sep/15 http://seclists.org/fulldisclosure/2023/Sep/16 http://seclists.org/fulldisclosure/2023/Sep/17 http://seclists.org/fulldisclosure/2023/Sep/19 https://support.apple.com/en-us/HT213926 https://support.apple.com/en-us/HT213927 https://support.apple.com/en-us/HT213928 https://support.apple.com/en-us/HT213929 https://support.apple.com/en-us/HT213931

CWE

CWE-295

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Apple Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 16.7 (iOS), 17.0 (iOS), 17.0 (iPadOS), \u0434\u043e 16.7 (iPadOS), Ventura \u0434\u043e 13.6 (MacOS), \u0434\u043e 9.6.3 (watchOS), 10.0 (watchOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.apple.com/en-us/HT213926  \nhttps://support.apple.com/en-us/HT213927 \nhttps://support.apple.com/en-us/HT213928 \nhttps://support.apple.com/en-us/HT213929 \nhttps://support.apple.com/en-us/HT213931",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.09.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-06111",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-41991",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "iOS, iPadOS, MacOS, watchOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Apple Inc. iOS \u0434\u043e 16.7 , Apple Inc. iOS 17.0 , Apple Inc. iPadOS 17.0 , Apple Inc. iPadOS \u0434\u043e 16.7 , Apple Inc. MacOS Ventura \u0434\u043e 13.6 , Apple Inc. watchOS \u0434\u043e 9.6.3 , Apple Inc. watchOS 10.0 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Security \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iOS, watchOS, iPadOS \u0438 macOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 (CWE-295)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Security \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iOS, watchOS, iPadOS \u0438 macOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.securitylab.ru/news/542129.php\nhttps://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/\nhttps://vuldb.com/ru/?id.240160\nhttps://xakep.ru/2023/09/25/apple-predator/\nhttp://seclists.org/fulldisclosure/2023/Sep/14 \nhttp://seclists.org/fulldisclosure/2023/Sep/15 \nhttp://seclists.org/fulldisclosure/2023/Sep/16  \nhttp://seclists.org/fulldisclosure/2023/Sep/17 \nhttp://seclists.org/fulldisclosure/2023/Sep/19 \nhttps://support.apple.com/en-us/HT213926  \nhttps://support.apple.com/en-us/HT213927 \nhttps://support.apple.com/en-us/HT213928 \nhttps://support.apple.com/en-us/HT213929 \nhttps://support.apple.com/en-us/HT213931",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-295",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-41991 (GCVE-0-2023-41991)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solution

Solution

Vulnerability from emb3d

Vulnerability from emb3d

Tags

Sightings

Nomenclature