Back to KEVs

CVE-2023-41990

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS...

Basic Information

CVE State
PUBLISHED
Reserved Date
September 06, 2023
Published Date
September 11, 2023
Last Updated
February 03, 2025
Vendor
Apple
Product
iOS and iPadOS, tvOS, macOS, watchOS
Description
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2024-01-08 00:00:00 UTC) Source

References

https://support.apple.com/en-us/HT213606 https://support.apple.com/en-us/HT213601 https://support.apple.com/en-us/HT213842 https://support.apple.com/en-us/HT213845 https://support.apple.com/en-us/HT213605 https://support.apple.com/en-us/HT213844 https://support.apple.com/en-us/HT213599

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-01-08 00:00:00 UTC