CVE-2023-41991

Name of the Vulnerable Software and Affected Versions Apple macOS, iOS, iPadOS, and watchOS (affected versions not specified) Apple CoreTrust (affected versions not specified)

Description A certificate validation issue exists in Apple’s CoreTrust security component, potentially allowing malicious applications to bypass signature validation. Reports indicate that this issue may have been actively exploited against versions of iOS prior to version 16.7. The CoreTrust vulnerability, identified as CVE-2023-41991, was reportedly exploited by commercial surveillance vendors, including Intellexa and NSO Group, to install malicious software on iPhones. The issue involves incorrect validation of apps with multiple signers, allowing attackers to circumvent normal signature checks. This flaw was used in conjunction with other vulnerabilities, such as local privilege escalation and remote code execution. The exploit was significant enough that Apple released patches in iOS versions 16.7 and 17.0.1, as well as macOS Ventura 13.6, watchOS 9.6.3, and watchOS 10.0.1 to address the vulnerability.

Recommendations Update to iOS version 16.7 or later. Update to iPadOS version 16.7 or later. Update to macOS Ventura version 13.6 or later. Update to watchOS version 9.6.3 or later. Update to watchOS version 10.0.1 or later. Update to iOS version 17.0.1 or later. Update to iPadOS version 17.0.1 or later.