Arbitrary Code Execution Vulnerability in macOS Sonoma 14
CVE-2023-41993
Key Information:
Badges
What is CVE-2023-41993?
A significant vulnerability has been identified in Apple’s macOS Sonoma and older versions of iOS, where improperly handled web content could allow for arbitrary code execution. Users of macOS Sonoma 14 and earlier versions of iOS should be aware that this issue may have been actively exploited. Apple has addressed the issue with improved checks in its latest updates, emphasizing the importance of keeping devices updated to safeguard against potential security threats.
CISA has reported CVE-2023-41993
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-41993 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
macOS < 14
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
8% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability published
Vulnerability Reserved