CVE-2023-41061

HIGH KEV

watchOS <9.6.2-iPadOS <16.6.1 - RCE

Title source: llm

Exploitation Summary

CVE-2023-41061 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 11, 2023.

Description

A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

References (7)

Core 7

Core References

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2023/Sep/4

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2023/Sep/5

Vendor Advisory

https://support.apple.com/en-us/HT213905

Vendor Advisory

https://support.apple.com/en-us/HT213907

Vendor Advisory

https://support.apple.com/kb/HT213905

Vendor Advisory

https://support.apple.com/kb/HT213907

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41061

Scores

CVSS v3 7.8

EPSS 0.0114

EPSS Percentile 78.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2023-09-11

VulnCheck KEV 2023-09-07

InTheWild.io 2023-09-07

ENISA EUVD EUVD-2023-45582

CWE

CWE-20

Status published

Products (3)

apple/ipados < 16.6.1

apple/iphone_os < 16.6.1

apple/watchos < 9.6.2

Published Sep 07, 2023

KEV Added Sep 11, 2023

Tracked Since Feb 18, 2026