⚠ Actively exploited

Added to CISA KEV on 2023-09-25. Federal agencies required to patch by 2023-10-16. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2023-41992 — Improper Check for Unusual or Exceptional Conditions in Apple IOS AND Ipados

CWE-754 — Improper Check for Unusual or Exceptional Conditions24 documents9 sources

Severity

7.8HIGHNVD

EPSS

1.2%

top 21.31%

CISA KEV

KEV

Added 2023-09-25

Due 2023-10-16

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apple IOS AND Ipados Apple Macos Apple Ipados +6 more

Timeline

PublishedSep 21

KEV addedSep 25

KEV dueOct 16

Latest updateDec 3

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶Appleapple/macos_ventura13.6

▶Appleapple/macos_monterey12.7

▶CVEListV5apple/macosunspecified — 12.7+1

▶NVDapple/macos12.0 — 12.7+1

▶NVDapple/ipados< 16.7+1

🔴Vulnerability Details

GHSA

GHSA-wcch-rmxq-7x86: The issue was addressed with improved checks↗2023-09-21

▶

VulnCheck

Apple Multiple Products Kernel Privilege Escalation Vulnerability↗2023

▶

📋Vendor Advisories

CISA

Apple Multiple Products Kernel Privilege Escalation Vulnerability↗2023-09-25

▶

Apple

CVE-2023-41992: watchOS 10.0.1↗2023-09-21

▶

Apple

CVE-2023-41992: macOS Ventura 13.6↗2023-09-21

▶

Apple

CVE-2023-41992: watchOS 9.6.3↗2023-09-21

▶

Apple

CVE-2023-41992: iOS 16.7 and iPadOS 16.7↗2023-09-21

▶

🕵️Threat Intelligence

Mandiant

Intellexa’s Prolific Zero-Day Exploits Continue↗2025-12-03

▶

Mandiant

Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue↗2025-12-03

▶

Bleepingcomputer

Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks↗2025-03-11

▶

Bleepingcomputer

Apple fixes zero-day exploited in 'extremely sophisticated' attacks↗2025-02-10

▶

Bleepingcomputer

Apple fixes this year’s first actively exploited zero-day bug↗2025-01-27

▶