Apple Addresses Privilege Elevation Vulnerability in macOS Monterey and Later Releases
CVE-2023-41992

7.8 HIGH

Key Information:

Vendor: Apple
CVE Published: 21 September 2023

Badges

👾 Exploit Exists, 🦅 CISA Reported, 📰 News Worthy

Summary

This vulnerability allows a local attacker to elevate their privileges on affected versions of macOS and iOS. Apple has released fixes in macOS Monterey 12.7, iOS 16.7, iPadOS 16.7, and macOS Ventura 13.6. The company is aware of reports indicating that this vulnerability may have been actively exploited prior to the release of the security updates. Enhanced checks were implemented to mitigate the risk of exploitation, highlighting the importance of maintaining up-to-date software on Apple devices.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

iOS and iPadOS < 16.7

macOS < 12.7

macOS < 13.6

News Articles

Apple fixes three vulnerabilities found by spyware researchers | Computer Weekly

Apple has patched three more vulnerabilities uncovered by spyware and surveillance researchers at The Citizen Lab

Apple Fixes Trio of Actively Exploited Bugs

The three zero days (CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993) impact various versions of macOS, iOS, iPadOS and watchOS.

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

Attention iPhone and iPad users! Apple rushes in with iOS 17.0.3 and iPadOS 17.0.3 updates to patch an actively exploited kernel vulnerability.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 🦅 CISA Reported

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Register

  • Vulnerability published

  • Vulnerability Reserved
