CVE-2023-38610

7.1 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in Apple operating systems that allows malicious applications to cause system crashes or write to kernel memory. It affects macOS, iOS, and iPadOS users running vulnerable versions. The vulnerability could lead to denial of service or potential privilege escalation.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
Versions: All versions prior to macOS Sonoma 14, iOS 17, and iPadOS 17
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Requires application execution on the target device.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel-level code execution leading to complete system compromise, data theft, or persistent malware installation

🟠

Likely Case

Application-induced system crashes (kernel panics) causing denial of service and potential data loss

🟢

If Mitigated

Limited to denial of service if proper application sandboxing and security controls are enforced

🌐 Internet-Facing: LOW - Requires local application execution, not directly exploitable over network
🏢 Internal Only: MEDIUM - Malicious or compromised applications could exploit this vulnerability locally

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious application to be installed and executed on the target device. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14, iOS 17, iPadOS 17

Vendor Advisory: https://support.apple.com/en-us/HT213938

Restart Required: Yes

Instructions:

1. Open System Settings (macOS) or Settings (iOS/iPadOS).
2. Navigate to General > Software Update.
3. Install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Application Restriction

all

Restrict installation of untrusted applications to reduce attack surface

For macOS: Use Gatekeeper settings to only allow apps from App Store and identified developers

🧯 If You Can't Patch

  • Implement strict application control policies to prevent installation of untrusted software
  • Monitor for unexpected system crashes or kernel panics as potential exploitation indicators

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list

Check Version:

  • macOS: sw_vers -productVersion
  • iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version is macOS Sonoma 14 or later, iOS 17 or later, or iPadOS 17 or later
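
The version check above, applied to a device inventory as well as the local host. This is an added example, not part of the vendor advisory; the function names and the "host platform version" inventory format are assumptions, and the sample devices are constructed.

```shell
# Added example: classify OS versions against the fixed releases named in this
# advisory (macOS Sonoma 14, iOS 17, iPadOS 17). Function names and the
# inventory format are assumptions made for this illustration.

# fixed_major PLATFORM -> prints the first fixed major version, or fails.
fixed_major() {
  case "$1" in
    macOS)      echo 14 ;;
    iOS|iPadOS) echo 17 ;;
    *)          return 1 ;;
  esac
}

# cve_status PLATFORM VERSION -> prints "patched", "vulnerable" or "unknown".
cve_status() {
  local fixed major
  fixed=$(fixed_major "$1") || { echo unknown; return 0; }
  major=${2%%.*}                            # "13.6.1" -> "13"
  case "$major" in
    ''|*[!0-9]*) echo unknown; return 0 ;;  # empty or non-numeric version
  esac
  if [ "$major" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# audit_inventory: read "host platform version" lines on stdin, print one
# status line per device; returns non-zero if any device is not patched.
audit_inventory() {
  local host platform version status rc=0
  while read -r host platform version; do
    [ -z "$host" ] && continue
    status=$(cve_status "$platform" "$version")
    printf '%s\t%s %s\t%s\n' "$host" "$platform" "$version" "$status"
    [ "$status" = patched ] || rc=1
  done
  return "$rc"
}

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY='mac-build-01 macOS 13.6.1
mac-design-02 macOS 14.0
iphone-sales-07 iOS 16.7.2
ipad-kiosk-03 iPadOS 17.0.3
mac-lab-09 macOS unknown'

audit_inventory <<EOF || echo "unpatched or unknown devices present"
$SAMPLE_INVENTORY
EOF
# On a Mac, check the local host with the command from this page.
if command -v sw_vers >/dev/null 2>&1; then cve_status macOS "$(sw_vers -productVersion)"; fi
```

Devices whose version cannot be parsed are reported as "unknown" and count as not patched, so a missing inventory field does not pass silently.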

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected system restarts
  • Application crash reports with memory access violations

Network Indicators:

  • No network-based indicators as this is a local vulnerability

SIEM Query:

Search for 'kernel panic', 'system crash', or 'memory corruption' events in system logs
