Multiple vulnerabilities in Apple iOS 16 and iPadOS 16



| Updated: 2024-10-09
Risk Critical
Patch available YES
Number of vulnerabilities 19
CVE-ID CVE-2023-41992
CVE-2023-41991
CVE-2023-41993
CVE-2023-35990
CVE-2023-40395
CVE-2023-40403
CVE-2023-40420
CVE-2023-40448
CVE-2023-40454
CVE-2023-41063
CVE-2023-41068
CVE-2023-41070
CVE-2023-41073
CVE-2023-41232
CVE-2023-41981
CVE-2023-41984
CVE-2023-40438
CVE-2023-38612
CVE-2023-40401
CWE-ID CWE-20
CWE-347
CWE-119
CWE-264
CWE-388
CWE-125
CWE-254
CWE-284
CWE-285
CWE-378
CWE-287
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerability #2 is being exploited in the wild.
Vulnerability #3 is being exploited in the wild.
Vulnerable software
iPadOS
Operating systems & Components / Operating system

Apple iOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 19 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU81040

Risk: High

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-41992

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local application can execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 16.0 20A362 - 16.6.1

Apple iOS: 16.0 20A362 - 16.6.1 20G81

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU81041

Risk: High

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-41991

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker application to bypass implemented security restrictions.

The vulnerability exists due to improper verification of cryptographic signature within the Security component. A remote attacker can create a specially crafted application that can bypass signature validation process, trick the victim into installing it and compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 16.0 20A362 - 16.6.1

Apple iOS: 16.0 20A362 - 16.6.1 20G81

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Buffer overflow

EUVDB-ID: #VU81042

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-41993

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 16.0 20A362 - 16.6.1

Apple iOS: 16.0 20A362 - 16.6.1 20G81

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU81183

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35990

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions in Safari. A local application can identify what other apps a user has installed.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Error Handling

EUVDB-ID: #VU81153

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40395

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper error handling in Game Center. A local application can access contacts.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU81168

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40403

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in libxslt. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU81149

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40420

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in CoreAnimation. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Security features bypass

EUVDB-ID: #VU81137

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40448

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper input validation in App Store. A remote attacker can trick the victim to visit a specially crafted website and break out of Web Content sandbox.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper access control

EUVDB-ID: #VU81166

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40454

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to delete arbitrary files on the system.

The vulnerability exists due to improper access restrictions in libxpc. A local application can delete arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU81175

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41063

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper access control

EUVDB-ID: #VU81206

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41068

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in MobileStorageMounter. A local application can bypass implemented security restrictions and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper Authorization

EUVDB-ID: #VU81186

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41070

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper authorization in Share Sheet. A local application can access sensitive data logged when a user shares a link.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper Authorization

EUVDB-ID: #VU81167

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41073

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper authorization in libxpc. A local application can gain unauthorized access to protected user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU81201

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41232

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Biometric Authentication component. A local application can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Security features bypass

EUVDB-ID: #VU81161

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41981

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper memory handling. A local user can bypass kernel memory mitigations and execute arbitrary code on the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU81162

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41984

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 16.7

Apple iOS: before 16.7 20H19

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Creation of Temporary File With Insecure Permissions

EUVDB-ID: #VU84749

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40438

CWE-ID: CWE-378 - Creation of Temporary File With Insecure Permissions

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper handling of temporary files in Core Image. A local application can access edited photos saved to a temporary directory.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apple iOS: 16.0 20A362 - 16.6.1 20G81

iPadOS: 16.0 20A362 - 16.6.1

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper access control

EUVDB-ID: #VU84739

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38612

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Ask to Buy. A local application can gain access to sensitive user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 16.0 20A362 - 16.6.1

Apple iOS: 16.0 20A362 - 16.6.1 20G81

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper Authentication

EUVDB-ID: #VU82406

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40401

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows an attacker to bypass authentication process.

The vulnerability exists due to improper authentication in Passkeys. An attacker with physical access to the device can access passkeys without authentication.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 16.0 20A362 - 16.6.1

Apple iOS: 16.0 20A362 - 16.6.1 20G81

CPE2.3 External links

http://support.apple.com/en-us/HT213927


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###