CVE-2023-41974
CVE-2023-41974
In short
A memory management flaw in Apple's iOS and iPadOS allows an app to use memory that was already freed, potentially letting it run malicious code with system-level privileges. This is a critical issue because it gives attackers direct control over the device's core functions.
Technical detail
Use-after-free vulnerability in iOS/iPadOS memory management (CWE-416) exploitable by local apps to achieve arbitrary code execution with kernel privileges. The vulnerability was patched in iOS 17, iPadOS 17, iOS 15.8.7, and iPadOS 15.8.7; affected versions prior to these releases are vulnerable to privilege escalation attacks from installed applications.
Summary generated and translated by AI from the official description.
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kithttps://support.apple.com/en-us/120949https://support.apple.com/en-us/126632https://support.apple.com/en-us/HT213938https://support.apple.com/kb/HT213938https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974