CVE-2023-38598

CRITICAL

iPadOS < 15.7.8 - Use-After-Free

Title source: llm

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

References (14)

Core 14

Core References

Vendor Advisory

https://support.apple.com/en-us/HT213844

Vendor Advisory

https://support.apple.com/en-us/HT213845

Vendor Advisory

https://support.apple.com/en-us/HT213846

Vendor Advisory

https://support.apple.com/en-us/HT213848

Vendor Advisory

https://support.apple.com/kb/HT213841

Vendor Advisory

https://support.apple.com/kb/HT213842

Vendor Advisory

https://support.apple.com/en-us/HT213841

Vendor Advisory

https://support.apple.com/en-us/HT213842

Vendor Advisory

https://support.apple.com/en-us/HT213843

Vendor Advisory

https://support.apple.com/kb/HT213843

Vendor Advisory

https://support.apple.com/kb/HT213844

Vendor Advisory

https://support.apple.com/kb/HT213845

Vendor Advisory

https://support.apple.com/kb/HT213846

Vendor Advisory

https://support.apple.com/kb/HT213848

Scores

CVSS v3 9.8

EPSS 0.0086

EPSS Percentile 75.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-416

Status published

Products (5)

apple/ipados < 15.7.8

apple/iphone_os < 15.7.8

apple/macos < 11.7.9

apple/tvos < 16.6

apple/watchos < 9.6

Published Jul 28, 2023

Tracked Since Feb 18, 2026