Login Sign Up

CVE-2023-23540

7.8 HIGH
Remote Code Execution

📋 TL;DR

This is a memory corruption vulnerability in Apple operating systems that allows malicious applications to execute arbitrary code with kernel privileges. It affects iOS, iPadOS, and macOS users running vulnerable versions. Successful exploitation gives attackers complete control over affected devices.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
Versions: Versions before iOS 15.7.8, iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4, iPadOS 16.4, macOS Big Sur 11.7.5
Operating Systems: iOS, iPadOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected versions are vulnerable by default. Requires malicious app installation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with kernel-level access, allowing data theft, persistence installation, and lateral movement within networks.

🟠

Likely Case

Targeted attacks against high-value individuals or organizations using malicious apps to gain full device control.

🟢

If Mitigated

Limited impact if devices are fully patched and app installation is restricted to trusted sources only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user to install a malicious application. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 15.7.8, iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4, iPadOS 16.4, macOS Big Sur 11.7.5

Vendor Advisory: https://support.apple.com/en-us/HT213675

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update. 2. Download and install the latest available update. 3. Restart device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow installation of apps from the App Store to prevent malicious app installation.

🧯 If You Can't Patch

  • Implement strict application allowlisting policies
  • Isolate vulnerable devices from critical network segments

🔍 How to Verify

Check if Vulnerable:

Check Settings > General > About > Version. If version is below the patched versions listed, device is vulnerable.

Check Version:

sw_vers (macOS) or Settings > General > About > Version (iOS/iPadOS)

Verify Fix Applied:

Verify version matches or exceeds iOS 15.7.8, iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4, iPadOS 16.4, or macOS Big Sur 11.7.5.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel panics
  • Unusual process spawning with elevated privileges
  • Suspicious app installation events

Network Indicators:

  • Unusual outbound connections from Apple devices
  • Command and control traffic patterns

SIEM Query:

source="apple_system_logs" AND (event="kernel_panic" OR process="kernel_task" AND action="elevated")

📊 Metadata

CVE ID: CVE-2023-23540
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: May 8, 2023
Last Updated: January 29, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON