Memory Handling Vulnerability in Apple iOS and iPadOS Products
CVE-2023-38136

7.8HIGH

Key Information:

Vendor: Apple
Status: iOS and iPadOS; watchOS
Vendor: CVE Published:; 27 July 2023

What is CVE-2023-38136?

A memory handling issue in Apple's iOS, iPadOS, and watchOS has been addressed, which could allow an app to execute arbitrary code with kernel privileges. This vulnerability highlights the importance of timely updates and the implementation of security patches to maintain device integrity and user security.

Affected Version(s)

iOS and iPadOS < 16.6

watchOS < 9.6

References

https://support.apple.com/en-us/HT213841

https://support.apple.com/en-us/HT213848

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2023
Vulnerability Reserved
Jul 20, 2023