AttackerKBAKB:E5236F62-42F9-46CC-A096-CAB347CB3B64CVE-2023-41991
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.017 Low
EPSS
Percentile
88.0%
A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Recent assessments:
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
References
seclists.org/fulldisclosure/2023/Oct/5
seclists.org/fulldisclosure/2023/Sep/14
seclists.org/fulldisclosure/2023/Sep/15
seclists.org/fulldisclosure/2023/Sep/16
seclists.org/fulldisclosure/2023/Sep/17
seclists.org/fulldisclosure/2023/Sep/19
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41991
support.apple.com/en-us/HT213926
support.apple.com/en-us/HT213927
support.apple.com/en-us/HT213928
support.apple.com/en-us/HT213929
support.apple.com/en-us/HT213931
support.apple.com/kb/HT213926
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.017 Low
EPSS
Percentile
88.0%