CVE-2023-28206

HIGH KEV

Apple Ipados < 15.7.5 - Out-of-Bounds Write

Title source: rule

Description

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Exploits (2)

nomisec WORKING POC 8 stars

by acceleratortroll · local

https://github.com/acceleratortroll/acceleratortroll

View Code ZIP pw:eip

inthewild

poc

https://github.com/zzy3312/cve-2023-28206

View on inthewild

References (6)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213720

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213721

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213723

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213724

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213725

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28206

Scores

CVSS v3 8.6

EPSS 0.2412

EPSS Percentile 96.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CISA KEV 2023-04-10

VulnCheck KEV 2023-04-07

InTheWild.io 2023-04-07

ENISA EUVD EUVD-2023-31914

CWE

CWE-787

Status published

Products (3)

apple/ipados < 15.7.5

apple/iphone_os < 15.7.5

apple/macos < 11.7.6

Published Apr 10, 2023

KEV Added Apr 10, 2023

Tracked Since Feb 18, 2026