← Back

CVE-2023-28206

nvd nist
Published: Apr 10, 2023Modified: Oct 23, 2025CISA KEV

JSON object

Loading...
8.6
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 6.0
Source: NVD

Description

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Affected (7)

Apple
3 products
Ipados
Iphone Os
Macos
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Ipados
Before 15.7.5
Ipados
From 16.0 to 16.4.1
Apple
Iphone Os
Before 15.7.5
Iphone Os
From 16.0 to 16.4.1
Apple
Macos
Before 11.7.6
Macos
From 12.0 to 12.6.5
Macos
From 13.0 to 13.3.1

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (11)

Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.