Weakness in Apple Operating Systems Leading to Arbitrary Code Execution
CVE-2023-40412

7.8HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Mac OS; TV OS; Watch OS
Vendor: CVE Published:; 27 September 2023

What is CVE-2023-40412?

A vulnerability exists in Apple operating systems due to insufficient memory handling, allowing an application to potentially execute arbitrary code with kernel privileges. This could result in severe security implications, as it may enable unauthorized access to sensitive system resources. This issue has been resolved in the latest versions of macOS Ventura, tvOS, macOS Monterey, watchOS, iOS, and iPadOS.

Affected Version(s)

iOS and iPadOS < 17

macOS < 12.7

macOS < 13.6

References

https://support.apple.com/en-us/HT213938

https://support.apple.com/en-us/HT213932

https://support.apple.com/en-us/HT213931

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Aug 14, 2023