CVE-2023-41061

moderate-risk
Published 2023-09-07

A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Do I need to act?

-
0.98% chance of exploitation
EPSS score — low exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (3)

Affected Vendors

Apple

References (13)

Mailing List http://seclists.org/fulldisclosure/2023/Sep/4
Mailing List http://seclists.org/fulldisclosure/2023/Sep/5
Vendor Advisory https://support.apple.com/en-us/HT213905
Vendor Advisory https://support.apple.com/en-us/HT213907
Vendor Advisory https://support.apple.com/kb/HT213905
Vendor Advisory https://support.apple.com/kb/HT213907
Mailing List http://seclists.org/fulldisclosure/2023/Sep/4
Mailing List http://seclists.org/fulldisclosure/2023/Sep/5
Vendor Advisory https://support.apple.com/en-us/HT213905
Vendor Advisory https://support.apple.com/en-us/HT213907
Vendor Advisory https://support.apple.com/kb/HT213905
Vendor Advisory https://support.apple.com/kb/HT213907
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-...
43
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 10/34 · Low
Exposure 9/34 · Low