Privilege Elevation Vulnerability in Apple iOS and tvOS Products
CVE-2023-41068

7.8HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; TV OS; Watch OS
Vendor: CVE Published:; 27 September 2023

What is CVE-2023-41068?

An access control vulnerability exists in Apple's iOS and tvOS platforms that allows a user to potentially elevate privileges, leading to unauthorized actions within the system. This issue has been addressed with enhanced access restrictions in the latest versions, ensuring that users are adequately restricted from privileged functions unless appropriately authorized. It is crucial for users to update their devices to the latest versions to mitigate any potential exploitation of this vulnerability.

Affected Version(s)

iOS and iPadOS < 17

iOS and iPadOS < 16.7

tvOS < 17

References

https://support.apple.com/en-us/HT213938

https://support.apple.com/en-us/HT213927

https://support.apple.com/en-us/HT213936

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Aug 22, 2023