CVE-2023-41992

CVSS 7.8 HIGH | EPSS 2.9% | KEV | CWE-754

In short

A local attacker on an Apple device could gain higher privileges (admin-like access) by exploiting a flaw in system checks. This was actively being exploited in the wild before the fix was released.

Technical detail

Privilege escalation vulnerability affecting macOS and iOS through insufficient validation checks (CWE-754). Requires local access; fixed in macOS Monterey 12.7, Ventura 13.6, and iOS/iPadOS 16.7. CVSS 7.8 reflects significant impact on system integrity and confidentiality.

Summary generated and translated by AI from the official description.
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
