CVE-2023-41064
CVE-2023-41064
In short
A buffer overflow flaw in image processing allows attackers to execute arbitrary code by sending a specially crafted image to Apple devices. This is a serious vulnerability because it can give attackers complete control over your device.
Technical detail
Buffer overflow vulnerability in image processing (CWE-120) triggered by malicious image files; requires user interaction or automatic processing depending on context; allows arbitrary code execution with potential for privilege escalation; fixed through improved memory handling and bounds checking.
Summary generated and translated by AI from the official description.
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
public PoCs found — 3
githubgithub.com/MrR0b0t19/CVE-2023-41064★ 3githubgithub.com/MrR0b0t19/vulnerabilidad-LibWebP-CVE-2023-41064★ 0githubgithub.com/K4Der11000/k4_cve-2023-41064★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://support.apple.com/en-us/HT213905https://support.apple.com/en-us/HT213906https://support.apple.com/en-us/HT213913https://support.apple.com/en-us/HT213914https://support.apple.com/en-us/HT213915https://support.apple.com/kb/HT213913https://support.apple.com/kb/HT213915https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41064http://www.openwall.com/lists/oss-security/2023/09/21/4