Multiple vulnerabilities in Apple iOS 15 and iPadOS 15



Published: 2023-05-19 | Updated: 2024-04-19
Risk: Critical
Patch available: YES
Number of vulnerabilities: 18
CVE-ID: CVE-2023-32403, CVE-2023-32373, CVE-2023-28204, CVE-2023-32408, CVE-2023-32412, CVE-2023-32391, CVE-2023-32397, CVE-2023-32365, CVE-2023-32407, CVE-2023-32388, CVE-2023-32398, CVE-2023-32413, CVE-2023-27940, CVE-2023-32410, CVE-2023-32384, CVE-2023-28181, CVE-2023-23532, CVE-2023-32425
CWE-ID: CWE-312, CWE-416, CWE-125, CWE-200, CWE-357, CWE-269, CWE-371, CWE-254, CWE-362, CWE-264, CWE-119
Exploitation vector: Network
Public exploit: Vulnerability #2 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. Public exploit code for vulnerability #9 is available.
Vulnerable software: Apple iOS (Operating systems & Components / Operating system), iPadOS (Operating systems & Components / Operating system)
Vendor: Apple Inc.

Security Bulletin

This security bulletin contains information about 18 vulnerabilities.

1) Cleartext storage of sensitive information

EUVDB-ID: #VU76332

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32403

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists because NetworkExtension stores potentially sensitive data in files. A local application can read sensitive location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU76312

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-32373

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Out-of-bounds read

EUVDB-ID: #VU76310

Risk: High

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-28204

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in WebKit. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and read contents of memory on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Information disclosure

EUVDB-ID: #VU76348

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32408

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to improper handling of caches in the TV App. A local application can read sensitive location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU76347

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32412

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in the Telephony service. A remote attacker can trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU76341

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32391

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in the Shortcuts component. A remote attacker can trick the victim into clicking on a malicious shortcut and use sensitive data with certain actions without prompting the user.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Privilege Management

EUVDB-ID: #VU76340

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32397

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improper privilege management in the Shell component. A local application can modify protected parts of the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) State Issues

EUVDB-ID: #VU76354

Risk: Low

CVSSv3.1: 1.8 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32365

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows an attacker to bypass certain security restrictions.

The vulnerability exists due to a state issue in the Photos app. The Shake-to-undo feature can allow a deleted photo to be re-surfaced without authentication.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper Privilege Management

EUVDB-ID: #VU76327

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-32407

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: Yes

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improper privilege management in Metal. A local application can bypass Privacy preferences.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Security features bypass

EUVDB-ID: #VU76301

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32388

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a privacy issue when writing data to log entries in the Accessibility component. A local application can bypass Privacy preferences.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU76322

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32398

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the OS kernel. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Race condition

EUVDB-ID: #VU76323

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32413

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the /dev/fd filesystem. A local user can exploit the race and execute arbitrary code with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU76321

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27940

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions within the OS kernel. A local application can observe system-wide network connections.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU76318

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32410

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in IOSurface. A local application can trigger an out-of-bounds read error and read contents of kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU76317

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32384

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ImageIO. A remote attacker can create a specially crafted EXR file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU74074

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28181

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in CoreCapture. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU74066

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23532

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper restrictions management in the Apple Neural Engine. A local application can break out of its sandbox.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU80610

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32425

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.5 19H332

iPadOS: 15.0 19A346 - 15.7.5 19H332

External links

http://support.apple.com/en-us/HT213765


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


