Login Sign Up

CVE-2023-40446

7.8 HIGH
Remote Code Execution

📋 TL;DR

This memory handling vulnerability in Apple operating systems allows arbitrary code execution in user-installed apps when processing malicious input. It affects macOS Monterey, iOS, and iPadOS users who haven't updated to patched versions. Attackers could exploit this to run unauthorized code on affected devices.

💻 Affected Systems

Products:
  • macOS Monterey
  • iOS
  • iPadOS
Versions: Versions before macOS Monterey 12.7.1, iOS 16.7.2, iPadOS 16.7.2, iOS 17.1, and iPadOS 17.1
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects user-installed apps specifically; system apps may have additional protections.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise allowing attacker to execute arbitrary code, steal data, install malware, or gain persistent access.

🟠

Likely Case

Malicious app or crafted input leads to app compromise, potentially stealing user data or performing unauthorized actions within app context.

🟢

If Mitigated

Limited impact with proper app sandboxing and security controls, potentially contained to single app.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious content but could be delivered via web or email.
🏢 Internal Only: LOW - Primarily requires local app execution, though could be exploited via internal malicious apps.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to process malicious input through vulnerable app; no public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Monterey 12.7.1, iOS 16.7.2, iPadOS 16.7.2, iOS 17.1, iPadOS 17.1

Vendor Advisory: https://support.apple.com/en-us/HT213981

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update. 2. Download and install available updates. 3. Restart device when prompted.

🔧 Temporary Workarounds

Restrict app installations

all

Only install apps from trusted sources like Apple App Store

Disable automatic file opening

all

Avoid automatically opening files from untrusted sources

🧯 If You Can't Patch

  • Restrict user app installations to App Store only
  • Implement application whitelisting and sandboxing

🔍 How to Verify

Check if Vulnerable:

Check OS version in Settings > General > About on iOS/iPadOS or Apple menu > About This Mac on macOS

Check Version:

sw_vers (macOS) or Settings > General > About > Version (iOS/iPadOS)

Verify Fix Applied:

Verify OS version matches or exceeds patched versions listed in fix_official.patch_version

📡 Detection & Monitoring

Log Indicators:

  • Unexpected app crashes
  • Memory access violations in app logs
  • Unusual process spawning from user apps

Network Indicators:

  • Unusual outbound connections from user apps
  • Suspicious file downloads to apps

SIEM Query:

Process creation events from non-system apps with unusual parent processes or command line arguments

📊 Metadata

CVE ID: CVE-2023-40446
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: December 12, 2023
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON