CVE-2023-42824

CVSS 7.8 HIGH · EPSS 0.9% · KEV
In short

A flaw in iOS and iPadOS allows someone with local access to the device to gain higher privileges than they should have. This is a serious issue because it means a limited user account could take control of the entire system.

Technical detail

A privilege escalation vulnerability in iOS/iPadOS 16.x (before 16.7.1) allows a local attacker to elevate privileges because the necessary checks were not enforced; the fix adds improved checks. The vulnerability requires local access to the device. Apple is aware of a report that it may have been actively exploited against versions prior to iOS 16.6. Successful exploitation could result in unauthorized system-level control.

Summary generated and translated by AI from the official description.
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOS
