Threat Intelligence / CVE / CVE-2023-41061

CVE-2023-41061

CISA KEV

CVSS 7.8 (HIGH) · EPSS 1.0% · Published 2023-09-07

A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVSS v3 vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

NVD-CWE-noinfo, CWE-20

Threats tracking this CVE

Coruna iOS Exploit Kit — 23 Exploits Across 5 Chains Targeting iOS 13-17.2.1 (CVE-2021-30952, CVE-2023-41974, CVE-2023-43000 + 20 More) — CRITICAL

References

http://seclists.org/fulldisclosure/2023/Sep/4
http://seclists.org/fulldisclosure/2023/Sep/5
https://support.apple.com/en-us/HT213905
https://support.apple.com/en-us/HT213907
https://support.apple.com/kb/HT213905
https://support.apple.com/kb/HT213907
http://seclists.org/fulldisclosure/2023/Sep/4
http://seclists.org/fulldisclosure/2023/Sep/5
https://support.apple.com/en-us/HT213905
https://support.apple.com/en-us/HT213907

Full detection coverage & IOCs for threats exploiting CVE-2023-41061 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence