Login Sign Up

CVE-2023-35993

7.8 HIGH
Remote Code Execution

📋 TL;DR

This is a use-after-free vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. It affects macOS, iOS, iPadOS, tvOS, and watchOS. Successful exploitation gives attackers complete control over affected devices.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: Versions before macOS Monterey 12.6.8, iOS 15.7.8, iPadOS 15.7.8, iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6
Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Requires app execution to exploit.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level persistence, data theft, and ability to bypass all security controls

🟠

Likely Case

Malicious app gains root privileges, installs backdoors, and steals sensitive data

🟢

If Mitigated

Limited to sandboxed app execution if proper app vetting and isolation are in place

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires malicious app installation or code execution. No public exploit available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Monterey 12.6.8, iOS 15.7.8, iPadOS 15.7.8, iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6

Vendor Advisory: https://support.apple.com/en-us/HT213841

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS. 2. Install available updates. 3. For macOS, go to System Preferences > Software Update. 4. Install all security updates. 5. Restart device after installation.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow installation of apps from trusted sources and App Store

Enable Full Disk Encryption

all

Protect data at rest in case of compromise

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement strict application allowlisting and monitor for suspicious app behavior

🔍 How to Verify

Check if Vulnerable:

Check current OS version against patched versions listed in affected_systems.versions

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version; tvOS: Settings > General > About > Version; watchOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions after update

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected privilege escalation
  • Suspicious app behavior with kernel access

Network Indicators:

  • Unexpected outbound connections from system processes
  • Command and control traffic

SIEM Query:

source="apple_system_logs" AND (event="kernel_panic" OR event="privilege_escalation")

📊 Metadata

CVE ID: CVE-2023-35993
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: July 27, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-35993, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)