CVE-2023-42855

Published: Feb 21, 2024Modified: Nov 4, 2025

4.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

This issue was addressed with improved state management. This issue is fixed in iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to silently persist an Apple ID on an erased device.

Affected (2)

Products: Apple: Ipad Os, Iphone Os

Apple

2 products

Ipad Os

Iphone Os

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Ipad Os	Before 17.1
Apple Iphone Os	Before 17.1

References (3)

https://support.apple.com/en-us/HT213982

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213982

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/kb/HT213982

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.