CVE-2023-41061
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: Yes
Descriptions
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064.
CVSS Scores
SSVC
- Decision: Act
Timeline
- 2023-08-22 CVE Reserved
- 2023-09-07 CVE Published
- 2023-09-11 Exploited in Wild
- 2023-10-02 KEV Due Date
- 2024-09-13 CVE Updated
- 2024-10-09 EPSS Updated
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2023/Sep/4 | Mailing List | |
http://seclists.org/fulldisclosure/2023/Sep/5 | Mailing List | |

URL | Date | SRC |
---|---|---|
https://support.apple.com/en-us/HT213905 | 2023-09-12 | |
https://support.apple.com/en-us/HT213907 | 2023-09-12 | |
https://support.apple.com/kb/HT213905 | 2023-09-12 | |
https://support.apple.com/kb/HT213907 | 2023-09-12 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apple | Ipados | < 16.6.1 | - | Affected |
Apple | Iphone Os | < 16.6.1 | - | Affected |
Apple | Watchos | < 9.6.2 | - | Affected |