CVE-2023-41992

moderate-risk

Published 2023-09-21

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Do I need to act?

1.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (5)

Ipados

Iphone Os

Macos

Affected Vendors

Apple

References (9)

Vendor Advisory https://support.apple.com/en-us/HT213927

Vendor Advisory https://support.apple.com/en-us/HT213931

Vendor Advisory https://support.apple.com/en-us/HT213932

Vendor Advisory https://support.apple.com/en-us/HT213927

Vendor Advisory https://support.apple.com/en-us/HT213931

Vendor Advisory https://support.apple.com/en-us/HT213932

Vendor Advisory https://support.apple.com/kb/HT213927

Vendor Advisory https://support.apple.com/kb/HT213932

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 10/34 · Low

Exposure 12/34 · Low