Arbitrary Code Execution Vulnerability in Apple iOS and macOS Products
CVE-2023-38261

7.8HIGH

Key Information:

Vendor: Apple
Status: iOS and iPadOS; macOS
Vendor: CVE Published:; 27 July 2023

What is CVE-2023-38261?

A significant vulnerability in Apple's iOS, iPadOS, and macOS is characterized by improper memory handling, which could permit an application to execute arbitrary code with elevated kernel privileges. This security flaw has been effectively addressed in iOS 16.6, iPadOS 16.6, and macOS Ventura 13.5, reinforcing system integrity against unauthorized operations.

Affected Version(s)

iOS and iPadOS < 16.6

macOS < 13.5

References

https://support.apple.com/en-us/HT213841

https://support.apple.com/en-us/HT213843

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2023
Vulnerability Reserved
Jul 20, 2023