Login Sign Up

CVE-2023-38598

9.8 CRITICAL

📋 TL;DR

This CVE-2023-38598 is a use-after-free vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. It affects multiple Apple platforms including iOS, iPadOS, macOS, tvOS, and watchOS. Successful exploitation gives attackers complete control over affected devices.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • tvOS
  • watchOS
Versions: Versions prior to watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8, iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6, iPadOS 16.6, macOS Ventura 13.5
Operating Systems: Apple iOS, Apple iPadOS, Apple macOS, Apple tvOS, Apple watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems are vulnerable. The vulnerability requires an app to be installed/executed on the device.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with kernel-level privileges, allowing installation of persistent malware, data theft, and device takeover.

🟠

Likely Case

Local privilege escalation leading to full system compromise, data exfiltration, and lateral movement within networks.

🟢

If Mitigated

Limited impact if devices are fully patched and have proper application sandboxing and security controls in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires an attacker to get a malicious app installed on the target device. No public exploit code has been identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8, iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6, iPadOS 16.6, macOS Ventura 13.5

Vendor Advisory: https://support.apple.com/en-us/HT213841

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS. 2. On macOS, go to System Preferences > Software Update. 3. Download and install the latest available update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Application Restriction

all

Restrict installation of untrusted applications to reduce attack surface

🧯 If You Can't Patch

  • Implement strict application allowlisting to prevent installation of untrusted apps
  • Isolate vulnerable devices in network segments with limited access to critical resources

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions listed in the advisory

Check Version:

iOS/iPadOS: Settings > General > About > Version. macOS: Apple menu > About This Mac > macOS version. tvOS: Settings > General > About > Version. watchOS: Watch app on iPhone > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions: watchOS 9.6+, macOS Big Sur 11.7.9+, iOS 15.7.8+, iPadOS 15.7.8+, macOS Monterey 12.6.8+, tvOS 16.6+, iOS 16.6+, iPadOS 16.6+, macOS Ventura 13.5+

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel panics
  • Unusual process privilege escalation
  • Suspicious application installations

Network Indicators:

  • Unusual outbound connections from Apple devices
  • Traffic to known malicious domains

SIEM Query:

source="apple-devices" AND (event_type="kernel_panic" OR event_type="privilege_escalation")

📊 Metadata

CVE ID: CVE-2023-38598
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: July 28, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-38598, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)