Denial-of-Service Vulnerability in Apple Operating Systems
CVE-2023-23524

7.5HIGH

Key Information:

Vendor: Apple
Status: iOS and iPadOS; watchOS; macOS; tvOS
Vendor: CVE Published:; 27 February 2023

Summary

A vulnerability affecting various Apple operating systems allows for denial-of-service attacks due to insufficient input validation when handling specially crafted certificates. This flaw could enable an attacker to disrupt the normal operation of affected devices, necessitating users to ensure they are updated to the latest software versions, including iOS 16.3.1, macOS Ventura 13.2.1, and others. The issue has been addressed with improvements in input validation, emphasizing the importance of regular software updates for security.

Affected Version(s)

iOS and iPadOS < 16.3

macOS < 13.2

tvOS < 16.3

References

https://support.apple.com/en-us/HT213635

https://support.apple.com/en-us/HT213634

https://support.apple.com/en-us/HT213633

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jan 12, 2023