CVE-2023-23514
published 2023-02-27
CVE-2023-23514: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.3.1 and iPadOS…
Priority P279 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.73% (49.4th percentile)
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.3.1_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 16.3 | 16.3 |
| apple | ipados | < 16.3.1 | 16.3.1 |
| apple | iphone_os | < 16.3.1 | 16.3.1 |
| apple | macos | >= 13.0 < 13.2.1 | 13.2.1 |
| apple | macos | >= unspecified < 13.3 | 13.3 |
| apple | macos | >= unspecified < 12.6 | 12.6 |
| apple | macos | >= unspecified < 11.7 | 11.7 |
| apple | macos | >= unspecified < 13.2 | 13.2 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
| apple | macos_ventura | — | — |
Detection & IOCs (extracted from sources)
- Target component is the Kernel; monitor for apps attempting to execute arbitrary code with kernel privileges via use-after-free memory corruption on affected Apple platforms (macOS Big Sur, Monterey, Ventura; iOS/iPadOS 16.x)
- Vulnerability class is use-after-free in the Kernel component; focus detection on kernel memory corruption telemetry, unexpected kernel panics, or privilege escalation from user-space apps on unpatched Apple OS versions
- No public PoC, exploit code, hashes, network indicators, or specific attack tooling were referenced in any of the source documents. All sources are Apple security advisories describing the patch, not active exploitation details. No actionable IOCs can be extracted.
- Affected versions span multiple Apple OS families; detections should account for all unpatched versions: macOS Big Sur < 11.7.5, macOS Monterey < 12.6.4, macOS Ventura < 13.2.1 / 13.3, iOS/iPadOS < 16.3.1
CVSS provenance
nvd · v3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck · 7.8 HIGH
Apple
CVE-2023-23514: macOS Monterey 12.6.4
vendor_apple·2023-03-27·CVSS 7.8
CVE-2023-23514 [HIGH] CVE-2023-23514: macOS Monterey 12.6.4
Apple Security Update: About the security content of macOS Monterey 12.6.4
Product: macOS Monterey
Version: 12.6.4
CVE: CVE-2023-23514
Component: Kernel
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2023-23514: macOS Big Sur 11.7.5
vendor_apple·2023-03-27·CVSS 7.8
CVE-2023-23514 [HIGH] CVE-2023-23514: macOS Big Sur 11.7.5
Apple Security Update: About the security content of macOS Big Sur 11.7.5
Product: macOS Big Sur
Version: 11.7.5
CVE: CVE-2023-23514
Component: Kernel
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2023-23514: macOS Ventura 13.3
vendor_apple·2023-03-27·CVSS 7.8
CVE-2023-23514 [HIGH] CVE-2023-23514: macOS Ventura 13.3
Apple Security Update: About the security content of macOS Ventura 13.3
Product: macOS Ventura
Version: 13.3
CVE: CVE-2023-23514
Component: Kernel
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2023-23514: iOS 16.3.1 and iPadOS 16.3.1
vendor_apple·2023-02-13·CVSS 7.8
CVE-2023-23514 [HIGH] CVE-2023-23514: iOS 16.3.1 and iPadOS 16.3.1
Apple Security Update: About the security content of iOS 16.3.1 and iPadOS 16.3.1
Product: iOS 16.3.1 and iPadOS
Version: 16.3.1
CVE: CVE-2023-23514
Component: Kernel
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2023-23514: macOS Ventura 13.2.1
vendor_apple·2023-02-13·CVSS 7.8
CVE-2023-23514 [HIGH] CVE-2023-23514: macOS Ventura 13.2.1
Apple Security Update: About the security content of macOS Ventura 13.2.1
Product: macOS Ventura
Version: 13.2.1
CVE: CVE-2023-23514
Component: Kernel
Impact: An app may be able to execute arbitrary code with kernel privileges.
Description: A use after free issue was addressed with improved memory management.
GHSA
GHSA-pcmg-p58j-hf4w: A use after free issue was addressed with improved memory management
ghsa_unreviewed·2023-02-27
CVE-2023-23514 [HIGH] CWE-416 GHSA-pcmg-p58j-hf4w: A use after free issue was addressed with improved memory management
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges.
VulnCheck
Apple ipados Use After Free
vulncheck·2023·CVSS 7.8
CVE-2023-23514 [HIGH] Apple ipados Use After Free
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges.
Affected: Apple ipados
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://support.apple.com/kb/HT213633
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://support.apple.com/en-us/HT213633
- https://support.apple.com/en-us/HT213635
- https://support.apple.com/en-us/HT213670
- https://support.apple.com/en-us/HT213675
- https://support.apple.com/en-us/HT213677