CVE-2023-38606


CVSS 5.5 MEDIUM · EPSS 1.0% · KEV
In short

A flaw in Apple's kernel state management could allow an app running on your device to modify sensitive kernel state without proper authorization. This vulnerability has been actively exploited in real-world attacks.

Technical detail

This kernel state management vulnerability allows a local app to modify sensitive kernel state through improper state handling. Exploitation requires a malicious app installed on the device. The issue affects multiple Apple platforms, and active exploitation has been reported against versions of iOS released before iOS 15.7.1.

Summary generated and translated by AI from the official description.
This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
