CVE-2023-41995

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in Apple's iOS, iPadOS, and macOS that allows a malicious app to execute arbitrary code with kernel privileges. This gives attackers complete control over affected devices. All users running vulnerable versions of these operating systems are affected.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
Versions: prior to iOS 17, iPadOS 17, and macOS Sonoma 14
Operating Systems: iOS, iPadOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected versions are vulnerable by default. No special configuration required.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with kernel-level persistence, data theft, credential harvesting, and installation of backdoors or ransomware.

🟠

Likely Case

Malicious app gains kernel privileges to bypass security controls, access sensitive data, and maintain persistence on the device.

🟢

If Mitigated

With proper app vetting and security controls, exploitation requires user interaction to install malicious apps, reducing widespread impact.

🌐 Internet-Facing: LOW - Exploitation requires local app execution, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires user to install malicious app, but could be combined with social engineering or supply chain attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed on the target device. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 17, iPadOS 17, macOS Sonoma 14

Vendor Advisory: https://support.apple.com/en-us/HT213938

Restart Required: Yes

Instructions:

1. Open the Settings app.
2. Go to General > Software Update.
3. Download and install iOS 17 / iPadOS 17 / macOS Sonoma 14.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow installation of apps from trusted sources like the App Store

Enable Lockdown Mode

all

Apple's extreme protection mode that blocks certain features and connections

🧯 If You Can't Patch

  • Isolate vulnerable devices from critical networks and data
  • Implement strict application allowlisting and mobile device management controls

🔍 How to Verify

Check if Vulnerable:

Check device OS version in Settings > General > About on iOS/iPadOS or Apple menu > About This Mac on macOS

Check Version:

iOS/iPadOS: Settings > General > About > Version; macOS: sw_vers or System Settings > General > About

Verify Fix Applied:

Verify OS version is iOS 17+, iPadOS 17+, or macOS Sonoma 14+
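The macOS version check above can be scripted for fleet or MDM use. The following is an added example, not part of this advisory page: it parses the `sw_vers -productVersion` string and reports whether the host is at or above the Sonoma 14 fix line named above (the function name and the 14 threshold taken from this page are the only assumptions).

```shell
#!/bin/sh
# Added example: decide whether a macOS version string is at or above the
# Sonoma 14 release that this page lists as the fix for CVE-2023-41995.
# Exit status: 0 = fixed line, 1 = below the fix line, 2 = unparseable input.
FIXED_MAJOR=14

is_macos_patched() {
    ver="$1"
    major="${ver%%.*}"           # "14.1.2" -> "14"
    case "$major" in
        ''|*[!0-9]*) return 2 ;;  # empty or non-numeric major version
    esac
    [ "$major" -ge "$FIXED_MAJOR" ]
}

# Report on the running host; sw_vers only exists on macOS, so skip elsewhere.
check_running_host() {
    if command -v sw_vers >/dev/null 2>&1; then
        v="$(sw_vers -productVersion)"
        if is_macos_patched "$v"; then
            echo "macOS $v: Sonoma 14 or later, CVE-2023-41995 fix present"
        else
            echo "macOS $v: below Sonoma 14, update required"
        fi
    else
        echo "sw_vers not found: not a macOS host, skipping"
    fi
}

check_running_host
```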

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel extensions or drivers loading
  • Processes running with unexpected kernel privileges
  • System integrity protection (SIP) violations

Network Indicators:

  • Unusual outbound connections from system processes
  • DNS requests to suspicious domains from kernel processes

SIEM Query:

(process_name:kernel AND parent_process:launchd AND cmdline:*suspicious*) OR (event_type:privilege_escalation AND target_process:kernel)
