Lucene search

[email protected]NVD:CVE-2023-42824

HistoryOct 04, 2023 - 7:15 p.m.

CVE-2023-42824

2023-10-0419:15:10

[email protected]

web.nvd.nist.gov

cve-2023-42824

local attacker

privilege elevation

ios 16.6

apple

exploited issue

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

26.5%

JSON

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.

Affected configurations

Nvd

Node

appleipadosRange<16.7.1

appleipadosRange17.0–17.0.3

appleiphone_osRange<16.7.1

appleiphone_osRange17.0–17.0.3

VendorProductVersionCPE
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::

References

support.apple.com/en-us/HT213972

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

26.5%

JSON

Related for NVD:CVE-2023-42824

cisa_kev1 attackerkb1 cve1 prion1 cvelist1 apple2 malwarebytes1 thn1