Login Sign Up

CVE-2023-42841

7.8 HIGH

📋 TL;DR

This is a memory corruption vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. It affects macOS, iOS, and iPadOS users running vulnerable versions. Successful exploitation gives attackers complete control over the affected device.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
Versions: Versions prior to macOS Sonoma 14.1, iOS 17.1, iPadOS 17.1, iOS 16.7.2, iPadOS 16.7.2, macOS Ventura 13.6.1
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations are vulnerable. Requires malicious app installation or exploitation through another vulnerability chain.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level persistence, data theft, credential harvesting, and installation of rootkits or backdoors.

🟠

Likely Case

Malicious app bypasses sandbox restrictions to gain full system access, potentially leading to data exfiltration, surveillance, or ransomware deployment.

🟢

If Mitigated

Limited impact due to app sandboxing and security controls, potentially only affecting the compromised application's data.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires app execution or another initial access vector. Memory corruption vulnerabilities in Apple kernels have been exploited in the wild previously.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.1, iOS 17.1, iPadOS 17.1, iOS 16.7.2, iPadOS 16.7.2, macOS Ventura 13.6.1

Vendor Advisory: https://support.apple.com/en-us/HT213981

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences 2. Navigate to Software Update 3. Install available updates 4. Restart device when prompted

🔧 Temporary Workarounds

Restrict App Installation

all

Only install apps from trusted sources like the App Store to reduce attack surface

Enable System Integrity Protection

macOS

Ensure SIP is enabled to limit kernel modifications

csrutil status

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement application allowlisting to prevent unauthorized app execution

🔍 How to Verify

Check if Vulnerable:

Check OS version against vulnerable versions listed in Apple advisory

Check Version:

macOS: sw_vers -productVersion, iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions listed in advisory

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected privilege escalation
  • Unusual process spawning from apps

Network Indicators:

  • Unexpected outbound connections from system processes
  • Beaconing to unknown domains

SIEM Query:

process.parent.name:kernel AND process.name:malicious_app OR privilege_escalation:true

📊 Metadata

CVE ID: CVE-2023-42841
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119
Published: October 25, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-42841, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)