Improper Verification of Cryptographic Signature in Apple iOS and iPadOS - CVE-2023-41991
Published: September 21, 2023 / Updated: February 21, 2025
Vulnerability identifier: #VU81041
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2023-41991
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Apple Inc.
Affected software:
Apple iOS
iPadOS
Apple iOS
iPadOS
Detailed vulnerability description
The vulnerability allows a remote attacker application to bypass implemented security restrictions.
The vulnerability exists due to improper verification of cryptographic signature within the Security component. A remote attacker can create a specially crafted application that can bypass signature validation process, trick the victim into installing it and compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
How to mitigate CVE-2023-41991
Install updates from vendor's website.