PT-2023-4994 · Apple · macOS Ventura +6

Published: 2023-08-22 · Updated: 2026-02-06 · CVE-2023-41064

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apple iOS, iPadOS, and macOS versions prior to 16.6.1
Apple macOS Monterey versions prior to 12.6.9
Apple macOS Ventura versions prior to 13.5.2
Apple iOS versions prior to 15.7.9
Apple iPadOS versions prior to 15.7.9
Apple macOS Big Sur versions prior to 11.7.10

Description

A buffer overflow issue exists in the ImageIO component of Apple iOS, iPadOS, and macOS. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of reports that this issue has been actively exploited in attacks such as BLASTPASS, which leveraged PassKit attachments containing malicious images. The vulnerability has been linked to the Pegasus spyware. The issue is related to a flaw in the handling of images and may allow an attacker to execute code on a targeted device.

Recommendations

Update to iOS 16.6.1 or later.
Update to iPadOS 16.6.1 or later.
Update to macOS Ventura 13.5.2 or later.
Update to iOS 15.7.9 or later.
Update to iPadOS 15.7.9 or later.
Update to macOS Monterey 12.6.9 or later.
Update to macOS Big Sur 11.7.10 or later.

Exploit

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-05533
CVE-2023-41064

Affected Products

ImageIO
Apple macOS
iOS
iPadOS
macOS Big Sur
macOS Monterey
macOS Ventura