PT-2023-5473 · Apple · iPadOS +5

Bill Marczak +1 · Published 2023-09-06 · Updated 2025-12-08 · CVE-2023-41992

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apple macOS versions prior to 12.7
Apple iOS versions prior to 16.7
Apple iPadOS versions prior to 16.7
Apple watchOS versions prior to 9.6.3
Apple macOS Ventura versions prior to 13.6
Apple watchOS versions prior to 10.0.1
Apple iPadOS versions prior to 17.0.1
Apple iOS versions prior to 17.0.1

Description

The issue involves insufficient checks when processing web content within the kernel of iOS, watchOS, iPadOS, and macOS, potentially allowing an attacker to elevate their privileges. Reports indicate that this issue may have been actively exploited in versions of iOS prior to iOS 16.7. The vulnerability allows malicious applications to bypass signature validation and gain elevated privileges. The issue was addressed by implementing improved checks. The vulnerability affects multiple Apple platforms. Technical details reveal the exploitation involves triggering a bug on an old thread, invoking ipc_entry_grow_table() through mach_port_allocate_name(), and subsequently calling mach_thread_self() to obtain a new mach name.

Recommendations

Update macOS to version 12.7 or later.
Update iOS to version 16.7 or later.
Update iPadOS to version 16.7 or later.
Update watchOS to version 9.6.3 or later.
Update macOS Ventura to version 13.6 or later.
Update watchOS to version 10.0.1 or later.
Update iPadOS to version 17.0.1 or later.
Update iOS to version 17.0.1 or later.

Fix

LPE

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

BDU:2023-06112
CVE-2023-41992

Affected Products

Apple macOS
iOS
iPadOS
macOS Monterey
macOS Ventura
watchOS