CVE-2023-41174

7.8 HIGH

📋 TL;DR

This is a kernel privilege escalation vulnerability in Apple operating systems that allows malicious apps to execute arbitrary code with kernel-level privileges. It affects iOS, iPadOS, tvOS, and watchOS devices running older versions. Successful exploitation gives attackers complete control over the affected device.

💻 Affected Systems

Products:
  • iPhone
  • iPad
  • Apple TV
  • Apple Watch
Versions: Prior to iOS 17, iPadOS 17, tvOS 17, watchOS 10
Operating Systems: iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected versions are vulnerable by default. The vulnerability requires a malicious app to be installed on the device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise with kernel-level access, allowing attackers to install persistent malware, bypass all security controls, access all user data, and potentially pivot to other network resources.

🟠 Likely Case

Targeted attacks against specific users or organizations to steal sensitive data, install surveillance software, or maintain persistent access to compromised devices.

🟢 If Mitigated

Limited impact due to app sandboxing and other iOS security controls, but still significant risk for targeted attacks.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires a malicious app to be installed on the target device. No public exploit code has been released as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 17, iPadOS 17, tvOS 17, watchOS 10

Vendor Advisory: https://support.apple.com/en-us/HT213936

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS devices.
2. For Apple TV, go to Settings > System > Software Updates.
3. Download and install the latest update.
4. Restart the device after installation completes.

🔧 Temporary Workarounds

Restrict App Installation (applies to: all)

Only allow installation of apps from trusted sources and the official App Store.

Enable Device Management Restrictions (applies to: all)

Use MDM solutions to restrict app installation and enforce security policies.

🧯 If You Can't Patch

  • Isolate affected devices from critical network segments and sensitive data
  • Implement strict app installation policies and monitor for suspicious app behavior

🔍 How to Verify

Check if Vulnerable:

Check device version in Settings > General > About > Software Version. If version is below iOS 17, iPadOS 17, tvOS 17, or watchOS 10, the device is vulnerable.

Check Version:

Settings > General > About > Software Version (iOS/iPadOS/watchOS) or Settings > System > Software Updates (tvOS)

Verify Fix Applied:

Verify the device is running iOS 17, iPadOS 17, tvOS 17, or watchOS 10 or later in Settings > General > About > Software Version.
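Checking one device by hand is fine, but a fleet check is usually run against an MDM inventory export. The script below is an added example, not part of this advisory or any vendor tool: it parses the OS version strings in a constructed inventory (the `id`, `platform` and `os_version` field names are an assumption, not a real MDM schema) and flags every record older than the first fixed release for its platform, using the fix versions stated above.

```python
"""Flag Apple devices whose OS is older than the CVE-2023-41174 fix.

Added example, not part of the original advisory. The inventory records
below are constructed; real MDM exports use vendor-specific field names.
"""
import re
from typing import Iterable

# First fixed releases named in the advisory: iOS 17, iPadOS 17, tvOS 17, watchOS 10.
FIXED_VERSIONS = {
    "iOS": (17, 0, 0),
    "iPadOS": (17, 0, 0),
    "tvOS": (17, 0, 0),
    "watchOS": (10, 0, 0),
}

# Leading major[.minor[.patch]]; anything after (e.g. a build id in parentheses) is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '16.7.2', '17.0' or '17.0.3 (build-id)' into a comparable tuple.
    Missing components default to 0; an unparseable string raises ValueError."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) if g is not None else 0 for g in m.groups())
    return (major, minor, patch)


def is_vulnerable(platform: str, version: str) -> bool:
    """True when the build is older than the first fixed release for its platform.
    Unknown platforms raise so they are never silently reported as safe."""
    if platform not in FIXED_VERSIONS:
        raise ValueError(f"platform not covered by this advisory: {platform!r}")
    return parse_version(version) < FIXED_VERSIONS[platform]


def vulnerable_devices(inventory: Iterable[dict]) -> list[str]:
    """Return the ids of inventory records still exposed to CVE-2023-41174."""
    return [d["id"] for d in inventory if is_vulnerable(d["platform"], d["os_version"])]


# Constructed sample inventory (field names are an assumption, not a real MDM schema).
SAMPLE_INVENTORY = [
    {"id": "iphone-01", "platform": "iOS", "os_version": "16.7.2"},
    {"id": "iphone-02", "platform": "iOS", "os_version": "17.0.3 (build-id)"},
    {"id": "ipad-01", "platform": "iPadOS", "os_version": "17.1"},
    {"id": "watch-01", "platform": "watchOS", "os_version": "9.6.3"},
    {"id": "watch-02", "platform": "watchOS", "os_version": "10.0"},
    {"id": "appletv-01", "platform": "tvOS", "os_version": "16.6"},
]

if __name__ == "__main__":
    for dev_id in vulnerable_devices(SAMPLE_INVENTORY):
        print(f"UPDATE REQUIRED: {dev_id}")
```

Version strings are compared as integer tuples rather than as text, so "9.6.3" correctly sorts below "10.0" (a plain string comparison would rank it higher). Devices on a platform the advisory does not list raise instead of being skipped, which keeps an incomplete mapping from hiding exposed hardware.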

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel panics or crashes
  • Suspicious app installation events
  • Unusual privilege escalation attempts in system logs

Network Indicators:

  • Unusual outbound connections from mobile devices
  • Communication with known malicious domains from iOS devices

SIEM Query:

(source="apple_mdm" OR source="ios_logs") AND (event="kernel_panic" OR (event="app_install" AND app_source!="app_store"))

The grouping is made explicit because the relative precedence of AND and OR differs between query languages; without the parentheses the query can be read as matching every apple_mdm event regardless of type.
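The same filter expressed as code, as an added example that is not part of the advisory: it applies the query's intended grouping to a batch of constructed events (the `source`, `event` and `app_source` field names are taken from the query above; the records themselves and the `id` field are constructed) and, for contrast, also evaluates the ungrouped form the way most programming languages would read it, so the difference in what gets flagged is visible.

```python
"""Apply the advisory's SIEM filter to a batch of events with explicit grouping.

Added example, not from the original advisory. The event records are
constructed to match the field names used in the query on the page; real
telemetry from an MDM or log forwarder will use its own schema.
"""
from typing import Iterable

LOG_SOURCES = {"apple_mdm", "ios_logs"}


def matches_indicator(ev: dict) -> bool:
    """Equivalent of:
    (source="apple_mdm" OR source="ios_logs")
      AND (event="kernel_panic" OR (event="app_install" AND app_source!="app_store"))
    An app_install record with no app_source field at all is treated as
    non-App-Store, which errs on the side of surfacing it for review."""
    if ev.get("source") not in LOG_SOURCES:
        return False
    if ev.get("event") == "kernel_panic":
        return True
    return ev.get("event") == "app_install" and ev.get("app_source") != "app_store"


def ungrouped_reading(ev: dict) -> bool:
    """The query without its outer parentheses, read with AND binding tighter
    than OR (the convention in most programming languages). Shown only to make
    the precedence problem visible; every apple_mdm event matches here."""
    return ev.get("source") == "apple_mdm" or (
        ev.get("source") == "ios_logs"
        and (
            ev.get("event") == "kernel_panic"
            or (ev.get("event") == "app_install" and ev.get("app_source") != "app_store")
        )
    )


def triage(events: Iterable[dict], rule=matches_indicator) -> list[int]:
    """Return the ids of events that the given rule selects for analyst review."""
    return [e["id"] for e in events if rule(e)]


# Constructed sample events; ids and values are made up for illustration.
SAMPLE_EVENTS = [
    {"id": 1, "source": "ios_logs", "event": "kernel_panic"},
    {"id": 2, "source": "apple_mdm", "event": "app_install", "app_source": "app_store"},
    {"id": 3, "source": "apple_mdm", "event": "app_install", "app_source": "enterprise_profile"},
    {"id": 4, "source": "apple_mdm", "event": "device_checkin"},
    {"id": 5, "source": "firewall", "event": "kernel_panic"},
]

if __name__ == "__main__":
    print("grouped  :", triage(SAMPLE_EVENTS))
    print("ungrouped:", triage(SAMPLE_EVENTS, ungrouped_reading))
```

With the intended grouping only the kernel panic and the non-App-Store install are returned; the ungrouped reading also returns the App Store install and the routine check-in, which is the kind of noise that buries the real indicator.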
