CVE-2023-41061

HIGH KEV

watchOS <9.6.2-iPadOS <16.6.1 - RCE

Title source: llm

Description

A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

References (7)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2023/Sep/4

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2023/Sep/5

[Vendor Advisory] https://support.apple.com/en-us/HT213905

[Vendor Advisory] https://support.apple.com/en-us/HT213907

[Vendor Advisory] https://support.apple.com/kb/HT213905

[Vendor Advisory] https://support.apple.com/kb/HT213907

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41061

Scores

CVSS v3 7.8

EPSS 0.0098

EPSS Percentile 76.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-09-11

VulnCheck KEV 2023-09-07

InTheWild.io 2023-09-07

ENISA EUVD EUVD-2023-45582

CWE

CWE-20

Status published

Products (3)

apple/ipados < 16.6.1

apple/iphone_os < 16.6.1

apple/watchos < 9.6.2

Published Sep 07, 2023

KEV Added Sep 11, 2023

Tracked Since Feb 18, 2026