CVE-2023-41991

MEDIUM KEV

iPadOS < 16.7 and iPhone OS < 16.7 - Certificate Validation Bypass

Exploitation Summary

CVE-2023-41991 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 25, 2023. EIP tracks 3 public exploits, from researchers including itsgiddd and dmytrozykov.

AI-analyzed exploit summary: This repository contains a functional exploit PoC for CVE-2023-41991, which involves manipulating code signatures in macOS binaries to bypass CoreTrust validation. The code modifies signature blobs and code directories to achieve an authentication bypass.

Description

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Exploits (3)

nomisec WORKING POC 6 stars
by itsgiddd · poc
https://github.com/itsgiddd/CVE-2023-41991

This repository contains a functional exploit PoC for CVE-2023-41991, which involves manipulating code signatures in macOS binaries to bypass CoreTrust validation. The code modifies signature blobs and code directories to achieve an authentication bypass.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Complex
Reliability: Reliable
Target: macOS CoreTrust (specific versions affected by CVE-2023-41991)
No auth needed
Prerequisites: A macOS binary with an existing code signature · Access to modify the binary's signature blob
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by dmytrozykov · poc
https://github.com/dmytrozykov/appsign

This repository contains a functional exploit PoC for CVE-2023-41991, targeting Apple's code signing mechanism. The code includes logic to bypass code signing checks by manipulating signature blobs and using embedded certificates/keys.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Complex
Reliability: Reliable
Target: Apple macOS/iOS code signing mechanism
No auth needed
Prerequisites: Access to a vulnerable macOS/iOS system · Ability to compile and run the exploit code
devstral-2 · analyzed Feb 18, 2026

vulncheck_xdb WORKING POC
local
https://github.com/Zenyith/CVE-2023-41991

This repository contains a functional exploit PoC for CVE-2023-41991, which targets a code signing bypass vulnerability in macOS. The exploit manipulates the code signature structure of a Mach-O binary to bypass Apple's signature validation by replacing the code directory and signature blob with crafted data.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: macOS (specific versions affected by CVE-2023-41991)
No auth needed
Prerequisites: ad-hoc signed Mach-O binary · macOS environment with vulnerable code signing validation
devstral-2 · analyzed Feb 25, 2026

Scores

CVSS v3 5.5
EPSS 0.0390
EPSS Percentile 88.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2023-09-25
VulnCheck KEV 2023-09-12
InTheWild.io 2023-09-12
ENISA EUVD EUVD-2023-46450
CWE CWE-295
Status published
Products (5)
apple/ipados 17.0
apple/ipados < 16.7
apple/iphone_os 17.0
apple/iphone_os < 16.7
apple/macos 13.0 - 13.6
Published Sep 21, 2023
KEV Added Sep 25, 2023
Tracked Since Feb 18, 2026