CVE-2023-40423

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.
References
Link Resource
http://seclists.org/fulldisclosure/2023/Oct/19 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/21 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/23 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/24 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/26 Mailing List Third Party Advisory
https://support.apple.com/en-us/HT213981 Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213982 Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213983 Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213984 Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213985 Release Notes Vendor Advisory
https://support.apple.com/kb/HT213981 Release Notes Vendor Advisory
https://support.apple.com/kb/HT213982 Release Notes Vendor Advisory
https://support.apple.com/kb/HT213983 Release Notes Vendor Advisory
https://support.apple.com/kb/HT213984 Release Notes Vendor Advisory
https://support.apple.com/kb/HT213985 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

02 Nov 2023, 13:47

Type Values Removed Values Added
First Time Apple macos
Apple iphone Os
Apple
Apple ipados
CWE CWE-119
CPE cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
References (MISC) https://support.apple.com/kb/HT213981 - (MISC) https://support.apple.com/kb/HT213981 - Release Notes, Vendor Advisory
References (MISC) http://seclists.org/fulldisclosure/2023/Oct/23 - (MISC) http://seclists.org/fulldisclosure/2023/Oct/23 - Mailing List, Third Party Advisory
References (MISC) https://support.apple.com/en-us/HT213981 - (MISC) https://support.apple.com/en-us/HT213981 - Release Notes, Vendor Advisory
References (MISC) https://support.apple.com/kb/HT213985 - (MISC) https://support.apple.com/kb/HT213985 - Release Notes, Vendor Advisory
References (MISC) https://support.apple.com/kb/HT213983 - (MISC) https://support.apple.com/kb/HT213983 - Release Notes, Vendor Advisory
References (MISC) http://seclists.org/fulldisclosure/2023/Oct/24 - (MISC) http://seclists.org/fulldisclosure/2023/Oct/24 - Mailing List, Third Party Advisory
References (MISC) https://support.apple.com/en-us/HT213985 - (MISC) https://support.apple.com/en-us/HT213985 - Release Notes, Vendor Advisory
References (MISC) http://seclists.org/fulldisclosure/2023/Oct/26 - (MISC) http://seclists.org/fulldisclosure/2023/Oct/26 - Mailing List, Third Party Advisory
References (MISC) https://support.apple.com/kb/HT213984 - (MISC) https://support.apple.com/kb/HT213984 - Release Notes, Vendor Advisory
References (MISC) http://seclists.org/fulldisclosure/2023/Oct/19 - (MISC) http://seclists.org/fulldisclosure/2023/Oct/19 - Mailing List, Third Party Advisory
References (MISC) http://seclists.org/fulldisclosure/2023/Oct/21 - (MISC) http://seclists.org/fulldisclosure/2023/Oct/21 - Mailing List, Third Party Advisory
References (MISC) https://support.apple.com/en-us/HT213983 - (MISC) https://support.apple.com/en-us/HT213983 - Release Notes, Vendor Advisory
References (MISC) https://support.apple.com/en-us/HT213982 - (MISC) https://support.apple.com/en-us/HT213982 - Release Notes, Vendor Advisory
References (MISC) https://support.apple.com/kb/HT213982 - (MISC) https://support.apple.com/kb/HT213982 - Release Notes, Vendor Advisory
References (MISC) https://support.apple.com/en-us/HT213984 - (MISC) https://support.apple.com/en-us/HT213984 - Release Notes, Vendor Advisory

26 Oct 2023, 00:15

Type Values Removed Values Added
References
  • (MISC) http://seclists.org/fulldisclosure/2023/Oct/24 -
  • (MISC) http://seclists.org/fulldisclosure/2023/Oct/26 -
  • (MISC) http://seclists.org/fulldisclosure/2023/Oct/21 -
  • (MISC) http://seclists.org/fulldisclosure/2023/Oct/19 -

25 Oct 2023, 23:15

Type Values Removed Values Added
References
  • (MISC) http://seclists.org/fulldisclosure/2023/Oct/23 -

25 Oct 2023, 20:31

Type Values Removed Values Added
References
  • (MISC) https://support.apple.com/kb/HT213981 -
  • (MISC) https://support.apple.com/kb/HT213985 -
  • (MISC) https://support.apple.com/kb/HT213983 -
  • (MISC) https://support.apple.com/kb/HT213984 -
  • (MISC) https://support.apple.com/kb/HT213982 -

25 Oct 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-25 19:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-40423

Mitre link : CVE-2023-40423

CVE.ORG link : CVE-2023-40423


JSON object : View

Products Affected

apple

  • macos
  • ipados
  • iphone_os
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer