CVE-2023-38136Apple IOS AND Ipados vulnerability

4 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 81.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple IOS AND IpadosApple WatchosApple Ipados+2 more
Timeline
PublishedJul 27

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDapple/ipados< 16.6
CVEListV5apple/watchosunspecified9.6
NVDapple/watchos< 9.6
CVEListV5apple/ios_and_ipadosunspecified16.6
Appleapple/watchos9.6

🔴Vulnerability Details

1
GHSA
GHSA-6jxx-g5pf-9mhg: The issue was addressed with improved checks2023-07-27

📋Vendor Advisories

2
Apple
CVE-2023-38136: watchOS 9.62023-07-24
Apple
CVE-2023-38136: iOS 16.6 and iPadOS 16.62023-07-24