7.8
CVE-2023-41984
- EPSS 0.5%
- Veröffentlicht 27.09.2023 15:19:31
- Zuletzt bearbeitet 04.11.2025 20:16:47
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.386 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
https://support.apple.com/kb/HT213940
https://support.apple.com/en-us/HT213927
https://support.apple.com/en-us/HT213931
https://support.apple.com/en-us/HT213932
https://support.apple.com/en-us/HT213940
http://seclists.org/fulldisclosure/2023/Oct/3
http://seclists.org/fulldisclosure/2023/Oct/10
http://seclists.org/fulldisclosure/2023/Oct/8
https://support.apple.com/en-us/HT213936
https://support.apple.com/en-us/HT213937
https://support.apple.com/en-us/HT213938
http://seclists.org/fulldisclosure/2023/Oct/4
http://seclists.org/fulldisclosure/2023/Oct/6
http://seclists.org/fulldisclosure/2023/Oct/5
https://support.apple.com/kb/HT213938
https://support.apple.com/kb/HT213927
https://support.apple.com/kb/HT213936
https://support.apple.com/kb/HT213937
https://support.apple.com/kb/HT213932