PT-2023-2614 · Apple · Ios+2
Clément Lecigne
+1
·
Published
2023-04-07
·
Updated
2026-01-25
·
CVE-2023-28206
CVSS v3.1
8.6
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apple iOS versions prior to 15.7.5 and 16.4.1
Apple iPadOS versions prior to 15.7.5 and 16.4.1
Apple macOS versions prior to 11.7.6, 12.6.5, and 13.3.1
Description
An out-of-bounds write issue was addressed with improved input validation, allowing an app to potentially execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Recommendations
For Apple iOS versions prior to 15.7.5 and 16.4.1, update to iOS 15.7.5 or iOS 16.4.1.
For Apple iPadOS versions prior to 15.7.5 and 16.4.1, update to iPadOS 15.7.5 or iPadOS 16.4.1.
For Apple macOS versions prior to 11.7.6, update to macOS Big Sur 11.7.6.
For Apple macOS versions prior to 12.6.5, update to macOS Monterey 12.6.5.
For Apple macOS versions prior to 13.3.1, update to macOS Ventura 13.3.1.
Exploit
Fix
LPE
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apple Macos
Ios
Ipados