PT-2023-2614 · Apple · Ios+2

Clément Lecigne

Publicado

2023-04-07

Atualizado

2026-01-25

CVE-2023-28206

CVSS v3.1

8.6

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 15.7.5 and 16.4.1 Apple iPadOS versions prior to 15.7.5 and 16.4.1 Apple macOS versions prior to 11.7.6, 12.6.5, and 13.3.1

Description An out-of-bounds write issue was addressed with improved input validation, allowing an app to potentially execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Recommendations For Apple iOS versions prior to 15.7.5 and 16.4.1, update to iOS 15.7.5 or iOS 16.4.1. For Apple iPadOS versions prior to 15.7.5 and 16.4.1, update to iPadOS 15.7.5 or iPadOS 16.4.1. For Apple macOS versions prior to 11.7.6, update to macOS Big Sur 11.7.6. For Apple macOS versions prior to 12.6.5, update to macOS Monterey 12.6.5. For Apple macOS versions prior to 13.3.1, update to macOS Ventura 13.3.1.

Exploit

Correção

LPE

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

BDU:2023-02453

CVE-2023-28206

Produtos afetados

Apple Macos

Ios

Ipados

PT-2023-2614 · Apple · Ios+2

CVE-2023-28206

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 37