Login Sign Up

CVE-2023-41064

7.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

This CVE describes a buffer overflow vulnerability in Apple's image processing that allows arbitrary code execution when processing malicious images. It affects multiple Apple operating systems including iOS, iPadOS, and macOS. Apple has confirmed this vulnerability may have been actively exploited in the wild.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
Versions: Versions before iOS 16.6.1, iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9, iPadOS 15.7.9, macOS Big Sur 11.7.10
Operating Systems: iOS, iPadOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining root/system privileges and persistent access to the device.

🟠

Likely Case

Remote code execution leading to data theft, surveillance, or installation of persistent malware.

🟢

If Mitigated

Limited impact with proper network segmentation and application sandboxing, but still potential for local privilege escalation.

🌐 Internet-Facing: HIGH - Malicious images can be delivered via web, email, messaging apps, or social media.
🏢 Internal Only: MEDIUM - Internal users could be targeted via internal systems or compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Apple confirms active exploitation. Exploit requires user to process malicious image, which can be delivered via various vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 16.6.1, iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9, iPadOS 15.7.9, macOS Big Sur 11.7.10

Vendor Advisory: https://support.apple.com/en-us/HT213905

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS or System Preferences > Software Update on macOS. 2. Download and install the latest update. 3. Restart device when prompted.

🔧 Temporary Workarounds

Disable automatic image processing

all

Configure applications to not automatically process images from untrusted sources

Network filtering

all

Block or scan image files at network perimeter

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices
  • Deploy endpoint detection and response (EDR) solutions to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check OS version against affected versions list. On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac.

Check Version:

iOS/iPadOS: Settings > General > About > Version. macOS: sw_vers or system_profiler SPSoftwareDataType

Verify Fix Applied:

Verify OS version matches or exceeds patched versions listed in fix_official.patch_version

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from image processing applications
  • Memory access violations in system logs
  • Crash reports from image-related processes

Network Indicators:

  • Unusual outbound connections from devices after image processing
  • Image downloads from suspicious sources

SIEM Query:

process_name:("Preview" OR "Photos" OR "Safari") AND process_creation AND parent_process:image*

📊 Metadata

CVE ID: CVE-2023-41064
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-120
Published: September 7, 2023
Last Updated: November 6, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-41064, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)
CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)
CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)