PT-2023-5027 · Apple · watchOS +2

Published: 2023-09-07 · Updated: 2025-10-23 · CVE-2023-41061

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apple iOS versions prior to 16.6.1
Apple iPadOS versions prior to 16.6.1
Apple watchOS versions prior to 9.6.2

Description

A validation issue was addressed with improved logic. This issue may result in arbitrary code execution when a maliciously crafted attachment is processed. Apple is aware of a report that this issue may have been actively exploited. The vulnerability is related to the Wallet component and may allow an attacker to execute code via a maliciously crafted attachment.

Recommendations

For Apple iOS versions prior to 16.6.1, update to iOS 16.6.1 or later to fix the issue.
For Apple iPadOS versions prior to 16.6.1, update to iPadOS 16.6.1 or later to fix the issue.
For Apple watchOS versions prior to 9.6.2, update to watchOS 9.6.2 or later to fix the issue.

As a temporary workaround, consider disabling the processing of attachments in the Wallet application until a patch is available. Restrict access to the Wallet component to minimize the risk of exploitation. Avoid using the Wallet application to process attachments from untrusted sources until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-05568
CVE-2023-41061

Affected Products

iOS
iPadOS
watchOS