Remote Code Execution Vulnerability in Apple Products
CVE-2023-40400

9.8CRITICAL

Key Information:

Vendor: Apple
Status: iOS And iPad OS; TV OS; Mac OS; Watch OS
Vendor: CVE Published:; 27 September 2023

What is CVE-2023-40400?

A critical vulnerability identified in certain Apple operating systems allows a remote attacker to potentially cause unexpected app termination or even execute arbitrary code. This flaw has been addressed through enhanced checks in the latest iterations of iOS, iPadOS, tvOS, watchOS, and macOS. Users are urged to update their systems to the latest versions to mitigate any risks associated with this vulnerability.

Affected Version(s)

iOS and iPadOS < 17

macOS < 14

tvOS < 17

References

https://support.apple.com/en-us/HT213938

https://support.apple.com/en-us/HT213936

https://support.apple.com/en-us/HT213940

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Aug 14, 2023