CVE-2023-41982

low-risk
Published 2023-10-25

This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.6/10 Medium
PHYSICAL / LOW complexity

Affected Products (4)

Affected Vendors

Apple

References (24)

Mailing List http://seclists.org/fulldisclosure/2023/Oct/19
Mailing List http://seclists.org/fulldisclosure/2023/Oct/23
Mailing List http://seclists.org/fulldisclosure/2023/Oct/24
Mailing List http://seclists.org/fulldisclosure/2023/Oct/25
Release Notes https://support.apple.com/en-us/HT213981
Release Notes https://support.apple.com/en-us/HT213982
Release Notes https://support.apple.com/en-us/HT213984
Release Notes https://support.apple.com/en-us/HT213988
Release Notes https://support.apple.com/kb/HT213981
Release Notes https://support.apple.com/kb/HT213982
Release Notes https://support.apple.com/kb/HT213984
Release Notes https://support.apple.com/kb/HT213988
Mailing List http://seclists.org/fulldisclosure/2023/Oct/19
Mailing List http://seclists.org/fulldisclosure/2023/Oct/23
Mailing List http://seclists.org/fulldisclosure/2023/Oct/24
Mailing List http://seclists.org/fulldisclosure/2023/Oct/25
Release Notes https://support.apple.com/en-us/HT213981
Release Notes https://support.apple.com/en-us/HT213982
Release Notes https://support.apple.com/en-us/HT213984
Release Notes https://support.apple.com/en-us/HT213988
and 4 more references
26
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 10/34 · Low