CVE-2023-41992

HIGH KEV

Apple Ipados < 16.7 - Improper Condition Check

Title source: rule

Description

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Exploits (1)

nomisec WORKING POC 57 stars

by WHW0x455 · poc

https://github.com/WHW0x455/CVE-2023-41992

View Code ZIP pw:eip

References (6)

[Vendor Advisory] https://support.apple.com/en-us/HT213927

[Vendor Advisory] https://support.apple.com/en-us/HT213931

[Vendor Advisory] https://support.apple.com/en-us/HT213932

[Vendor Advisory] https://support.apple.com/kb/HT213927

[Vendor Advisory] https://support.apple.com/kb/HT213932

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41992

Scores

CVSS v3 7.8

EPSS 0.0117

EPSS Percentile 78.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-09-25

VulnCheck KEV 2023-09-12

InTheWild.io 2023-09-12

ENISA EUVD EUVD-2023-46451

CWE

CWE-754

Status published

Products (5)

apple/ipados 17.0

apple/ipados < 16.7

apple/iphone_os 17.0

apple/iphone_os < 16.7

apple/macos 12.0 - 12.7

Published Sep 21, 2023

KEV Added Sep 25, 2023

Tracked Since Feb 18, 2026