Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 19 |
| CVE-ID | CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-35990 CVE-2023-40395 CVE-2023-40403 CVE-2023-40420 CVE-2023-40448 CVE-2023-40454 CVE-2023-41063 CVE-2023-41068 CVE-2023-41070 CVE-2023-41073 CVE-2023-41232 CVE-2023-41981 CVE-2023-41984 CVE-2023-40438 CVE-2023-38612 CVE-2023-40401 |
| CWE-ID | CWE-20 CWE-347 CWE-119 CWE-264 CWE-388 CWE-125 CWE-254 CWE-284 CWE-285 CWE-378 CWE-287 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. |
| Vulnerable software Subscribe |
iPadOS Operating systems & Components / Operating system Apple iOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 19 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU81040
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-41992
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local application can execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 16.0 20A362 - 16.6.1
Apple iOS: 16.0 20A362 - 16.6.1
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU81041
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-41991
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker application to bypass implemented security restrictions.
The vulnerability exists due to improper verification of cryptographic signature within the Security component. A remote attacker can create a specially crafted application that can bypass signature validation process, trick the victim into installing it and compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 16.0 20A362 - 16.6.1
Apple iOS: 16.0 20A362 - 16.6.1
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Buffer overflow
EUVDB-ID: #VU81042
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-41993
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 16.0 20A362 - 16.6.1
Apple iOS: 16.0 20A362 - 16.6.1
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU81183
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35990
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Safari. A local application can identify what other apps a user has installed.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Error Handling
EUVDB-ID: #VU81153
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40395
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper error handling in Game Center. A local application can access contacts.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU81168
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40403
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in libxslt. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU81149
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40420
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in CoreAnimation. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Security features bypass
EUVDB-ID: #VU81137
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40448
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper input validation in App Store. A remote attacker can trick the victim to visit a specially crafted website and break out of Web Content sandbox.
Install update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper access control
EUVDB-ID: #VU81166
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40454
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to delete arbitrary files on the system.
The vulnerability exists due to improper access restrictions in libxpc. A local application can delete arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU81175
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41063
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
Install update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper access control
EUVDB-ID: #VU81206
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41068
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in MobileStorageMounter. A local application can bypass implemented security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper Authorization
EUVDB-ID: #VU81186
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41070
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper authorization in Share Sheet. A local application can access sensitive data logged when a user shares a link.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper Authorization
EUVDB-ID: #VU81167
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41073
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper authorization in libxpc. A local application can gain unauthorized access to protected user data.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU81201
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41232
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Biometric Authentication component. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Security features bypass
EUVDB-ID: #VU81161
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41981
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper memory handling. A local user can bypass kernel memory mitigations and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU81162
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41984
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
Install update from vendor's website.
Vulnerable software versionsiPadOS: before 16.7
Apple iOS: before 16.7
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Creation of Temporary File With Insecure Permissions
EUVDB-ID: #VU84749
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40438
CWE-ID:
CWE-378 - Creation of Temporary File With Insecure Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper handling of temporary files in Core Image. A local application can access edited photos saved to a temporary directory.
Install updates from vendor's website.
Vulnerable software versionsApple iOS: 16.0 20A362 - 16.6.1
iPadOS: 16.0 20A362 - 16.6.1
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper access control
EUVDB-ID: #VU84739
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38612
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Ask to Buy. A local application can gain access to sensitive user information.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 16.0 20A362 - 16.6.1
Apple iOS: 16.0 20A362 - 16.6.1
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper Authentication
EUVDB-ID: #VU82406
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40401
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows an attacker to bypass authentication process.
The vulnerability exists due to improper authentication in Passkeys. An attacker with physical access to the device can access passkeys without authentication.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 16.0 20A362 - 16.6.1
Apple iOS: 16.0 20A362 - 16.6.1
External linkshttp://support.apple.com/en-us/HT213927
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
