CVE-2023-38606

Name of the Vulnerable Software and Affected Versions macOS Monterey versions prior to 12.6.8 iOS versions prior to 15.7.8 iPadOS versions prior to 15.7.8 iOS versions prior to 16.6 iPadOS versions prior to 16.6 tvOS versions prior to 16.6 macOS Big Sur versions prior to 11.7.9 macOS Ventura versions prior to 13.5 watchOS versions prior to 9.6

Description An issue exists where an app may be able to modify sensitive kernel state due to a memory out-of-bounds operation. This allows unauthorized access to sensitive information and full control of the device by bypassing kernel memory hardware protections. The exploitation involves writing data, destination addresses, and data hashes into undocumented and unused hardware registers (MMIO registers) within Apple SoCs. There are reports that this issue was actively exploited against versions of iOS released before iOS 15.7.1.

Recommendations Update macOS Monterey to version 12.6.8. Update iOS to version 15.7.8 or 16.6. Update iPadOS to version 15.7.8 or 16.6. Update tvOS to version 16.6. Update macOS Big Sur to version 11.7.9. Update macOS Ventura to version 13.5. Update watchOS to version 9.6.