CVE-2023-41991
published 2023-09-21CVE-2023-41991: A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass…
PriorityP180medium5.5CVSS 3.1
AVLACLPRNUIRSUCNIHAN
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2023-10-16
Exploited in the wild
EPSS
4.55%
90.4th percentile
A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.7_and_ipados | — | — |
| apple | ios_17.0.1_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 16.7 | 16.7 |
| apple | ipados | < 16.7 | 16.7 |
| apple | ipados | — | — |
| apple | iphone_os | < 16.7 | 16.7 |
| apple | iphone_os | — | — |
| apple | macos | >= 13.0 < 13.6 | 13.6 |
| apple | macos | >= unspecified < 13.6 | 13.6 |
| apple | macos_ventura | — | — |
| apple | watchos | — | — |
| apple | watchos | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2023-41991 is the second stage in a three-vulnerability iOS exploit chain. Detection should consider the full chain: CVE-2023-41993 (Safari RCE) → CVE-2023-41991 (certificate validation bypass) → CVE-2023-41992 (XNU kernel LPE). Look for anomalous process spawning from Safari followed by privilege escalation indicators. ↗
- →The exploit chain ran a small binary post-exploitation to decide whether to install the full Predator implant. Hunt for unexpected small binaries executing on iOS devices following browser activity. ↗
- ·The Predator implant payload itself was not captured by TAG, limiting full IOC coverage. Detection based solely on the known redirect domains may miss variants or updated infrastructure. ↗
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
vulncheck5.5MEDIUM
cisa5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Apple Multiple Products Improper Certificate Validation Vulnerability
cisa·2023-09-25·CVSS 5.5
CVE-2023-41991 [MEDIUM] CWE-295 Apple Multiple Products Improper Certificate Validation Vulnerability
Vulnerability: Apple Multiple Products Improper Certificate Validation Vulnerability
Affected: Apple Multiple Products
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213928, https://support.apple.com/en-us/HT213929, https://support.apple.com/en-us/HT213931 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41991
Remediation Due Date: 2023-10-16
Apple
CVE-2023-41991: watchOS 9.6.3
vendor_apple·2023-09-21·CVSS 5.5
CVE-2023-41991 [MEDIUM] CVE-2023-41991: watchOS 9.6.3
Apple Security Update: About the security content of watchOS 9.6.3
Product: watchOS
Version: 9.6.3
CVE: CVE-2023-41991
Component: Security
Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
Apple
CVE-2023-41991: iOS 17.0.1 and iPadOS 17.0.1
vendor_apple·2023-09-21·CVSS 5.5
CVE-2023-41991 [MEDIUM] CVE-2023-41991: iOS 17.0.1 and iPadOS 17.0.1
Apple Security Update: About the security content of iOS 17.0.1 and iPadOS 17.0.1
Product: iOS 17.0.1 and iPadOS
Version: 17.0.1
CVE: CVE-2023-41991
Component: Security
Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
Apple
CVE-2023-41991: watchOS 10.0.1
vendor_apple·2023-09-21·CVSS 5.5
CVE-2023-41991 [MEDIUM] CVE-2023-41991: watchOS 10.0.1
Apple Security Update: About the security content of watchOS 10.0.1
Product: watchOS
Version: 10.0.1
CVE: CVE-2023-41991
Component: Security
Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
Apple
CVE-2023-41991: macOS Ventura 13.6
vendor_apple·2023-09-21·CVSS 5.5
CVE-2023-41991 [MEDIUM] CVE-2023-41991: macOS Ventura 13.6
Apple Security Update: About the security content of macOS Ventura 13.6
Product: macOS Ventura
Version: 13.6
CVE: CVE-2023-41991
Component: Security
Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
Apple
CVE-2023-41991: iOS 16.7 and iPadOS 16.7
vendor_apple·2023-09-21·CVSS 5.5
CVE-2023-41991 [MEDIUM] CVE-2023-41991: iOS 16.7 and iPadOS 16.7
Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
CVE: CVE-2023-41991
Component: Security
Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
GHSA
GHSA-fj3m-2r8f-m4x9: A certificate validation issue was addressed
ghsa_unreviewed·2023-09-21
CVE-2023-41991 [MEDIUM] CWE-295 GHSA-fj3m-2r8f-m4x9: A certificate validation issue was addressed
A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
VulnCheck
Apple Multiple Products Improper Certificate Validation Vulnerability
vulncheck·2023·CVSS 5.5
CVE-2023-41991 [MEDIUM] CWE-295 Apple Multiple Products Improper Certificate Validation Vulnerability
Apple Multiple Products Improper Certificate Validation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
Affected: Apple Multiple Products
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://support.apple.com/kb/HT213926; https://support.apple.com/kb/HT213927; https://support.apple.com/kb/HT213928; https://support.apple.com/kb/HT213929; https://support.apple.com/kb/HT213931; https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egy
No detection rules found.
No public exploits indexed.
Mandiant
Intellexa’s Prolific Zero-Day Exploits Continue
blogs_mandiant·2025-12-03
Intellexa’s Prolific Zero-Day Exploits Continue
Threat Intelligence
# Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
December 3, 2025
##### Google Threat Intelligence Group
##### Google Threat Intelligence
Visibility and context on the threats that matter most.
Contact Us & Get a Demo
### Introduction
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government. New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving.
Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders. Alongside
Mandiant
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
blogs_mandiant·2025-12-03
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
## Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
## Google Threat Intelligence Group
## Google Threat Intelligence
Visibility and context on the threats that matter most.
## Introduction
Despite extensive scrutiny and public reporting , commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government . New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving .
Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders. Alongside research published by our colleagues from Recorded Future and Amne
Bleepingcomputer
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
blogs_bleepingcomputer·2025-03-11·CVSS 7.8
CVE-2025-24201 [HIGH] Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
## Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
## Sergiu Gatlan
Apple said attackers can exploit the CVE-2025-24201 vulnerability using maliciously crafted web content to break out of the Web Content sandbox.
The company has fixed this out-of-bounds write issue with improved checks to prevent unauthorized actions in iOS 18.3.2, iPadOS 18.3.2 , macOS Sequoia 15.3.2 , visionOS 2.3.2 , and Safari 18.3.1 .
The list of devices impacted by this zero-day is quite extensive, as the bug affects older and newer models, including:
iPhone XS and later,
iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Macs
Bleepingcomputer
Apple fixes zero-day exploited in 'extremely sophisticated' attacks
blogs_bleepingcomputer·2025-02-10·CVSS 7.8
[HIGH] Apple fixes zero-day exploited in 'extremely sophisticated' attacks
## Apple fixes zero-day exploited in 'extremely sophisticated' attacks
## Sergiu Gatlan
USB Restricted Mode is a security feature ( introduced almost seven years ago in iOS 11.4.1) that blocks USB accessories from creating a data connection if the device has been locked for over an hour. This feature is designed to block forensic software like Graykey and Cellebrite (commonly used by law enforcement) from extracting data from locked iOS devices.
In November, Apple introduced another security feature (dubbed "inactivity reboot") that automatically restarts iPhones after long idle times to re-encrypt data and make it harder to extract by forensic software.
The zero-day vulnerability (tracked as CVE-2025-24200 and reported by Citizen Lab's Bill Marczak) patched today by Apple is an author
Bleepingcomputer
Apple fixes this year’s first actively exploited zero-day bug
blogs_bleepingcomputer·2025-01-27·CVSS 6.5
CVE-2024-23222 [MEDIUM] Apple fixes this year’s first actively exploited zero-day bug
## Apple fixes this year’s first actively exploited zero-day bug
## Sergiu Gatlan
According to the company's official documentation , Core Media "defines the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms."
Apple has fixed CVE-2024-23222 with improved memory management in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3.
The list of devices impacted by this zero-day is quite extensive, as the bug affects older and newer models, including:
iPhone XS and later,
iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
macOS Sequoia
Apple Watch Ser
Bleepingcomputer
Apple fixes two zero-days used in attacks on Intel-based Macs
blogs_bleepingcomputer·2024-11-19·CVSS 8.8
CVE-2024-44308 [HIGH] Apple fixes two zero-days used in attacks on Intel-based Macs
## Apple fixes two zero-days used in attacks on Intel-based Macs
## Lawrence Abrams
The JavaScriptCore CVE-2024-44308 flaw allows attackers to achieve remote code execution through maliciously crafted web content. The other flaw, CVE-2024-44309, allows cross-site scripting (CSS) attacks.
The company says it addressed the security flaws in macOS Sequoia 15.1.1 .
As the same components are found in other Apple operating systems, it was also fixed in iOS 17.7.2 and iPadOS 17.7.2 , iOS 18.1.1 and iPadOS 18.1.1 , and visionOS 2.1.1 .
While Apple says both flaws were discovered by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group, the company has not provided further details on how they were exploited.
BleepingComputer contacted Google to learn how the flaws were exploite
Bleepingcomputer
Apple fixes first zero-day bug exploited in attacks this year
blogs_bleepingcomputer·2024-01-22·CVSS 8.8
[HIGH] Apple fixes first zero-day bug exploited in attacks this year
## Apple fixes first zero-day bug exploited in attacks this year
## Sergiu Gatlan
"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited," Apple said today.
The company has yet to attribute the discovery of this security vulnerability to a security researcher. Although the company disclosed that it's aware of in-the-wild exploitation, it has yet to publish further details regarding these attacks.
Apple addressed CVE-2024-23222 with improved checks in iOS 16.7.5 and later, iPadOS 16.7.5 and later, and macOS Monterey 12.7.3 and higher, as well as on tvOS 17.3 and later.
The complete list of devices impacted by this WebKit zero-day is quite extensive, as the bug affects older and newer models, i
Sentinelone
Protecting macOS | 7 Strategies for Enterprise Security in 2024
blogs_sentinelone·2024-01-02
Protecting macOS | 7 Strategies for Enterprise Security in 2024
Welcome to 2024! It may be a new year for us all, but it’s very much business as usual for cybersecurity professionals. Last year saw an increase in the number and variety of new threats targeting the macOS platform, and as the influence of the Mac continues to expand in enterprise environments, there is little doubt that 2024 will continue that trend.
In this post, we reflect on the lessons we can learn from the last 12 months of threat activity against Apple’s desktop operating system, and offer 7 strategies for defenders to help bolster their threat hunting, detection and mitigation efforts .
## 1. Don’t Rely on Persistence for Detection
Perhaps the most important lesson that defenders learned from 2023’s crop of macOS malware was that monitoring for persistence methods became a much
Sentinelone
Protecting macOS | 7 Strategies for Enterprise Security in 2024
blogs_sentinelone·2024-01-02
Protecting macOS | 7 Strategies for Enterprise Security in 2024
Welcome to 2024! It may be a new year for us all, but it’s very much business as usual for cybersecurity professionals. Last year saw an increase in the number and variety of new threats targeting the macOS platform, and as the influence of the Mac continues to expand in enterprise environments, there is little doubt that 2024 will continue that trend.
In this post, we reflect on the lessons we can learn from the last 12 months of threat activity against Apple’s desktop operating system, and offer 7 strategies for defenders to help bolster their threat hunting, detection and mitigation efforts.
## 1. Don’t Rely on Persistence for Detection
Perhaps the most important lesson that defenders learned from 2023’s crop of macOS malware was that monitoring for persistence methods became a much
Bleepingcomputer
Apple emergency updates fix recent zero-days on older iPhones
blogs_bleepingcomputer·2023-12-11·CVSS 6.5
[MEDIUM] Apple emergency updates fix recent zero-days on older iPhones
## Apple emergency updates fix recent zero-days on older iPhones
## Sergiu Gatlan
They can let attackers obtain access to sensitive data through and execute arbitrary code using maliciously crafted webpages designed to exploit out-of-bounds and memory corruption bugs on unpatched devices.
Today, Apple addressed the zero-days in iOS 16.7.3, iPadOS 16.7.3 , tvOS 17.2 , and watchOS 10.2 with improved input validation and locking.
The company says the bugs are now also patched on the following list of devices:
iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Apple TV HD and Apple TV 4K (all models)
Apple Watch Series 4 and later
Clément Lecigne, a security researcher from Google's Threat
Bleepingcomputer
Apple fixes two new iOS zero-days in emergency updates
blogs_bleepingcomputer·2023-11-30·CVSS 8.6
[HIGH] Apple fixes two new iOS zero-days in emergency updates
## Apple fixes two new iOS zero-days in emergency updates
## Sergiu Gatlan
The company says it addressed the security flaws for devices running iOS 17.1.2, iPadOS 17.1.2 , macOS Sonoma 14.1.2 , and Safari 17.1.2 with improved input validation and locking.
The list of impacted Apple devices is quite extensive, and it includes:
iPhone XS and later
iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Macs running macOS Monterey, Ventura, Sonoma
Security researcher Clément Lecigne of Google's Threat Analysis Group (TAG) found and reported both zero-days.
While Apple has not released information regarding ongoing exploitation in
Bleepingcomputer
Apple fixes iOS Kernel zero-day vulnerability on older iPhones
blogs_bleepingcomputer·2023-10-12·CVSS 7.8
CVE-2023-5217 [HIGH] Apple fixes iOS Kernel zero-day vulnerability on older iPhones
## Apple fixes iOS Kernel zero-day vulnerability on older iPhones
## Sergiu Gatlan
Apple has now also fixed the issue in iOS 16.7.1 and iPadOS 16.7.1 with improved checks, but it has yet to reveal who discovered and reported the flaw.
The second one, a bug identified as CVE-2023-5217, is caused by a heap buffer overflow vulnerability within the VP8 encoding of the open-source libvpx video codec library. This flaw could let threat actors gain arbitrary code execution upon successful exploitation.
Even though Apple did not confirm any instances of exploitation in the wild, Google previously patched the libvpx bug as a zero-day in its Chrome web browser. Microsoft also addressed the same vulnerability in its Edge, Teams, and Skype products.
Google attributed the discovery of CVE-2023-521
Bleepingcomputer
Apple emergency update fixes new zero-day used to hack iPhones
blogs_bleepingcomputer·2023-10-04·CVSS 7.8
[HIGH] Apple emergency update fixes new zero-day used to hack iPhones
## Apple emergency update fixes new zero-day used to hack iPhones
## Sergiu Gatlan
While Apple said it addressed the security issue in iOS 17.0.3 and iPadOS 17.0.3 with improved checks, it has yet to reveal who found and reported the flaw.
The list of impacted devices is quite extensive, and it includes:
iPhone XS and later
iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Apple also addressed a bug tracked as CVE-2023-5217 and caused by a heap buffer overflow weakness in the VP8 encoding of the open-source libvpx video codec library, which could allow arbitrary code execution following successful exploitation.
While Apple
Checkpoint
25th September – Threat Intelligence Report
blogs_checkpoint·2023-09-25
CVE-2023-41991 25th September – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 25th September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 25th September, please download our Threat_Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Monti ransomware gang has claimed responsibility for a cyber-attack on New Zealand’s third-largest university, Auckland University of Technology. The threat actors claim to have stolen 60GB of data, giving the victim a deadline of October 9 th to pay a ransom.
Check Point Threat Emulation provides protection against
Google Tag
0-days exploited by commercial surveillance vendor in Egypt
blogs_google_tag·2023-09-22·CVSS 5.5
CVE-2023-41991 [MEDIUM] 0-days exploited by commercial surveillance vendor in Egypt
Threat Analysis Group
## 0-days exploited by commercial surveillance vendor in Egypt
Sep 22, 2023
Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab , discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commercial surveillance vendor, Intellexa, this exploit chain is used to install its Predator spyware surreptitiously onto a device.
In response, yesterday, Apple patched the bugs in iOS 16.7 and iOS 17.0.1 as CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. This quick patching from Apple helps to better protect users and we encourage all iOS users to install them as soon as possible.
## Exploit delivery via man-in-the-middle (MITM)
The Intellexa exploit chain was delivered via a “man-in-the-middle” (MITM) attack, where an attack
Huntress
CVE-2023-41993 Vulnerability: Analysis, Impact, Mitigation | Huntress
blogs_huntress·CVSS 5.5
CVE-2023-41993 [MEDIUM] CVE-2023-41993 Vulnerability: Analysis, Impact, Mitigation | Huntress
## CVE-2023-41993 Vulnerability
Written by: Monica Burgess
Published: 11/07/25
CVE-2023-41993 is a significant security flaw found in Apple's WebKit browser engine, affecting iOS, iPadOS, macOS, and Safari. This vulnerability could allow a threat actor to execute arbitrary code on a target system simply by tricking a user into visiting a specially crafted malicious webpage. In short, a click is all it takes for an attacker to potentially take over.
## What is CVE-2023-41993 Vulnerability?
CVE-2023-41993 is a vulnerability within WebKit, the engine that powers Safari and other web-browsing functions across Apple's ecosystem. The flaw resides in the way WebKit handles web content, creating a loophole that can be exploited for arbitrary code execution. It was found being actively exploit
Bugzilla
CVE-2023-53051 kernel: dm crypt: add cond_resched() to dmcrypt_write()
bugzilla·2025-05-02·CVSS 5.5
CVE-2023-53051 [MEDIUM] CVE-2023-53051 kernel: dm crypt: add cond_resched() to dmcrypt_write()
CVE-2023-53051 kernel: dm crypt: add cond_resched() to dmcrypt_write()
In the Linux kernel, the following vulnerability has been resolved:
dm crypt: add cond_resched() to dmcrypt_write()
The loop in dmcrypt_write may be running for unbounded amount of time,
thus we need cond_resched() in it.
This commit fixes the following warning:
[ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897]
...
[ 3391.387210][ C12] Call trace:
[ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158
[ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0
[ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550
[ 3391.405856][ C12] submit_bio_noacct+0x308/0x380
[ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt]
[ 3391.416005][ C12] kthread+0x130/0x138
[ 3391.41991
https://support.apple.com/en-us/HT213927https://support.apple.com/en-us/HT213931https://support.apple.com/en-us/HT213927https://support.apple.com/en-us/HT213931https://support.apple.com/kb/HT213927https://support.apple.com/kb/HT213931https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991
2023-09-21
Published
2023-09-25
Added to CISA KEV
Exploited in the wild