Memory Handling Flaw in Apple Software Products
CVE-2023-40432

7.8HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; TV OS; Mac OS; Watch OS
Vendor: CVE Published:; 27 September 2023

What is CVE-2023-40432?

A vulnerability has been identified in Apple's software suite due to inadequate memory handling processes. This flaw may enable an app to execute arbitrary code with kernel privileges, posing significant security risks. The issue has been addressed in the latest updates for tvOS, iOS, iPadOS, watchOS, and macOS, underscoring the importance of keeping systems current to mitigate potential threats.

Affected Version(s)

iOS and iPadOS < 17

macOS < 14

tvOS < 17

References

https://support.apple.com/en-us/HT213938

https://support.apple.com/en-us/HT213936

https://support.apple.com/en-us/HT213940

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Aug 14, 2023