CVE-2023-41984

7.8 HIGH

📋 TL;DR

CVE-2023-41984 is a kernel memory handling vulnerability in Apple operating systems that allows a local application to execute arbitrary code with kernel privileges. It is a local privilege escalation: an attacker first needs code running on the device (typically a malicious or trojanized app), and from there gains full system control. The vulnerability impacts macOS, iOS, iPadOS, tvOS, and watchOS users running versions older than the fixed releases listed below.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: all releases prior to the fixed versions: macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14; iOS 16.7 and iOS 17; iPadOS 16.7 and iPadOS 17; tvOS 17; watchOS 10
Operating Systems: Apple macOS, Apple iOS, Apple iPadOS, Apple tvOS, Apple watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems are vulnerable until patched.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level access, allowing attackers to install persistent malware, steal all data, and control the device entirely.

🟠

Likely Case

Privilege escalation leading to data theft, surveillance capabilities, and installation of malicious software on the device.

🟢

If Mitigated

Limited impact if patch management keeps devices on the fixed releases. The App Sandbox and Gatekeeper narrow what a malicious app can reach before exploitation, but a successful kernel exploit escapes any user-space sandbox, so they reduce exposure rather than remove it; patching is the only real fix.

🌐 Internet-Facing: MEDIUM - Requires user interaction (running malicious app) but doesn't require network exposure directly.
🏢 Internal Only: HIGH - Malicious apps can be delivered through various internal channels, making this a significant internal threat.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user to run a malicious application. No public exploit code is available in the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14

Vendor Advisory: https://support.apple.com/en-us/HT213982

Restart Required: Yes

Instructions:

1. Open System Settings (macOS) or Settings (iOS/iPadOS).
2. Go to General > Software Update. On tvOS use Settings > System > Software Updates; on watchOS use Settings > General > Software Update on the watch, or the Watch app on the paired iPhone.
3. Install the latest available update.
4. Restart the device when prompted (the update installs a new kernel, so the fix is not active until the reboot completes).

🔧 Temporary Workarounds

Application Restriction

Applies to: all platforms

Restrict installation of applications to those from the App Store or identified developers. This narrows how a malicious app can reach the device; it does not fix the kernel bug, and it does nothing against an app that is already installed or that is signed and notarized.

For macOS, make sure Gatekeeper assessment is enabled and verify it:
  sudo spctl --master-enable
  spctl --status          (expect "assessments enabled")
For iOS/iPadOS, restrict app installation either through your MDM profile (app installation restrictions or an app allowlist) or locally under Settings > Screen Time > Content & Privacy Restrictions > iTunes & App Store Purchases > Installing Apps > Don't Allow.

🧯 If You Can't Patch

  • Implement strict application control policies to prevent installation of untrusted applications
  • Segment affected devices from critical network resources and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list. On macOS: sw_vers -productVersion. On iOS/iPadOS: Settings > General > About > Version.

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify that the installed OS version is equal to or newer than the fixed version for that release line listed under Official Fix above (for example, macOS 13.6.1 is fixed; macOS 13.5.2 is not).
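The version check above is easy to get wrong by string comparison (13.10 sorts before 13.6 lexically). The script below is an added example, not part of the advisory or Apple tooling: it compares a macOS version field by field against the fixed releases listed above and reports patched, vulnerable or unknown. It assumes only the macOS majors the advisory names (12, 13, 14) are in scope; older majors are reported as unknown rather than guessed at.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a macOS version for CVE-2023-41984
# using the fixed releases from the Official Fix section.
# Assumption: only macOS 12, 13 and 14 are in scope, as in the advisory.

# version_ge A B: succeed if dotted version A >= B (13.6.1 >= 13.6; 14 >= 13.6).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    k = (n > m) ? n : m
    for (i = 1; i <= k; i++) {
      ai = (i <= n) ? x[i] + 0 : 0   # missing trailing fields count as 0
      bi = (i <= m) ? y[i] + 0 : 0
      if (ai > bi) exit 0
      if (ai < bi) exit 1
    }
    exit 0
  }'
}

# macos_patched_version MAJOR: first fixed release for that major, per the advisory.
macos_patched_version() {
  case "$1" in
    12) echo 12.7 ;;
    13) echo 13.6 ;;
    14) echo 14 ;;
    *)  return 1 ;;   # not listed in the advisory: caller reports "unknown"
  esac
}

# cve_2023_41984_status VERSION: prints patched | vulnerable | unknown
# exit status: 0 patched, 1 vulnerable, 2 unknown
cve_2023_41984_status() {
  v="$1"
  major="${v%%.*}"
  if ! patched=$(macos_patched_version "$major"); then
    echo unknown
    return 2
  fi
  if version_ge "$v" "$patched"; then
    echo patched
  else
    echo vulnerable
    return 1
  fi
}

# Stand-alone use on a Mac: check the running system. Elsewhere this is a no-op.
if [ "$(uname -s 2>/dev/null)" = Darwin ]; then
  cve_2023_41984_status "$(sw_vers -productVersion)" || true
fi
```

Run it as `sh check.sh` on the Mac itself, or feed it versions collected by your MDM with `cve_2023_41984_status 13.5.2`. The exit status (0/1/2) makes it usable from fleet inventory scripts without parsing the output.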

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel extensions or system extensions loading (kextload / kmutil activity, or a new entry in kextstat output)
  • Processes running as root (uid 0) whose parent was unprivileged and is not a normal elevation path such as sudo, login or launchd
  • System Integrity Protection (SIP) being disabled, or writes to SIP-protected paths

Network Indicators:

  • Unusual outbound connections from system daemons or from a newly installed application
  • DNS requests to unfamiliar domains from processes that normally make no network connections

SIEM Query:

(process.parent.name:kernel_task OR process.parent.name:launchd) AND (process.name:sh OR process.name:bash OR process.name:zsh OR process.name:python3)

The parentheses matter: without them the original query's AND/OR precedence matches every sh, bash or python process regardless of parent. Note also that on macOS the kernel appears as kernel_task (pid 0) and never spawns user processes; nearly every user process descends from launchd (pid 1), so treat a hit on this query as a lead to triage, not a confirmed exploit, and adapt the field names to your EDR schema.
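The "elevated privileges unexpectedly" indicator is usually the most reliable of the three, because a kernel exploit typically ends by handing the exploiting process root credentials, so its children appear as uid-0 processes under a parent that never went through sudo or launchd. The script below is an added example, not from the advisory or any vendor product: it runs that logic over a constructed sample of process-exec events (pipe-separated fields, a stand-in for whatever your EDR exports) and prints the offending events. The allowlist of legitimate elevators is an assumption to tune for your fleet.

```shell
#!/bin/sh
# Added example (not from the advisory): detect root processes spawned by an
# unprivileged parent that is not a legitimate elevation path.
#
# Constructed sample (not real telemetry). Fields, pipe-separated:
#   time|pid|ppid|uid|name|parent_name|parent_uid
SAMPLE_EVENTS='2023-09-22T10:00:01Z|512|1|0|softwareupdated|launchd|0
2023-09-22T10:00:05Z|640|601|501|bash|Terminal|501
2023-09-22T10:00:09Z|655|640|0|bash|sudo|501
2023-09-22T10:01:30Z|702|698|0|sh|PhotoEditor|501
2023-09-22T10:01:31Z|703|702|0|python3|sh|0'

# Parents that legitimately hand out root. Assumption: tune to your fleet and EDR.
ALLOWED_ELEVATORS="sudo su login launchd"

# flag_privilege_jumps: read events on stdin; print those where the child runs
# as root (uid 0) but the parent was unprivileged and is not an allowed elevator.
# The python3 at 10:01:31 is not flagged: its parent is already root, the jump
# happened one level up (pid 702), which is the event we want.
flag_privilege_jumps() {
  awk -F'|' -v allow="$ALLOWED_ELEVATORS" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $4 == 0 && $7 != 0 && !($6 in ok) {
      printf "%s pid=%s %s parent=%s(uid %s)\n", $1, $2, $5, $6, $7
    }'
}

# flagged_pids: pids of flagged events from the sample, space-separated.
flagged_pids() {
  printf '%s\n' "$SAMPLE_EVENTS" | flag_privilege_jumps \
    | sed 's/.*pid=\([0-9]*\).*/\1/' | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone run: print the flagged events from the sample.
printf '%s\n' "$SAMPLE_EVENTS" | flag_privilege_jumps
```

On the sample this flags only pid 702 (sh, root, parented by the unprivileged PhotoEditor). In production, feed real exec events in the same field order, e.g. from an Endpoint Security client export, and expect to extend the allowlist with your own privileged helpers before the rule is quiet enough to alert on.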
