Login Sign Up

CVE-2023-40400

9.8 CRITICAL
Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability allows a remote attacker to cause unexpected app termination or execute arbitrary code on affected Apple devices. It affects multiple Apple operating systems including iOS, iPadOS, tvOS, watchOS, and macOS. The high CVSS score indicates critical severity requiring immediate attention.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • tvOS
  • watchOS
  • macOS
Versions: Versions prior to iOS 17, iPadOS 17, tvOS 17, watchOS 10, macOS Sonoma 14
Operating Systems: Apple iOS, Apple iPadOS, Apple tvOS, Apple watchOS, Apple macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crashes leading to denial of service, with potential for limited code execution in some scenarios.

🟢

If Mitigated

Minimal impact if patched; unpatched systems remain vulnerable to remote attacks.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication.
🏢 Internal Only: HIGH - Internal network access sufficient for exploitation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Remote exploitation without authentication is indicated by the description and CVSS score.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: tvOS 17, iOS 17, iPadOS 17, watchOS 10, macOS Sonoma 14

Vendor Advisory: https://support.apple.com/en-us/HT213936

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Navigate to General > Software Update. 3. Download and install the latest update. 4. Restart device when prompted.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from untrusted networks to reduce attack surface.

Application Whitelisting

all

Restrict which applications can run to limit potential exploitation vectors.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor for unusual application crashes or unexpected behavior

🔍 How to Verify

Check if Vulnerable:

Check current OS version in Settings > General > About on iOS/iPadOS, or System Settings > General > About on macOS.

Check Version:

iOS/iPadOS: Settings > General > About > Version; macOS: System Settings > General > About > macOS version

Verify Fix Applied:

Verify OS version matches or exceeds: iOS 17, iPadOS 17, tvOS 17, watchOS 10, macOS Sonoma 14.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes
  • Process termination events
  • Memory access violations

Network Indicators:

  • Unusual network connections from Apple devices
  • Suspicious inbound traffic to device services

SIEM Query:

source="apple-device-logs" AND (event="crash" OR event="termination") AND severity="critical"

📊 Metadata

CVE ID: CVE-2023-40400
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: September 27, 2023
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON