// For flags

CVE-2023-41061

Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Se solucionó el problema de validación con una lógica mejorada. Este problema se solucionó en watchOS 9.6.2, iOS 16.6.1 y iPadOS 16.6.1. Un archivo adjunto creado con fines maliciosos puede provocar la ejecución de código arbitrario. Apple está al tanto de un informe de que este problema puede haber sido explotado activamente.

Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Act
Exploitation
Active
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-08-22 CVE Reserved
  • 2023-09-07 CVE Published
  • 2023-09-11 Exploited in Wild
  • 2023-10-02 KEV Due Date
  • 2024-09-13 CVE Updated
  • 2024-10-09 EPSS Updated
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
Ipados
Search vendor "Apple" for product "Ipados"
< 16.6.1
Search vendor "Apple" for product "Ipados" and version " < 16.6.1"
-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
< 16.6.1
Search vendor "Apple" for product "Iphone Os" and version " < 16.6.1"
-
Affected
Apple
Search vendor "Apple"
Watchos
Search vendor "Apple" for product "Watchos"
< 9.6.2
Search vendor "Apple" for product "Watchos" and version " < 9.6.2"
-
Affected