Cyber Resilience

CVE-2023-28206

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 10 April 2023
Modified: 23 October 2025
KEV Added: 10 April 2023
Patch: available (vendor fixes listed under Vulnerability details)
CVSS Score v3.1: 8.6 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.2159 (95.9th percentile)
Risk Priority: 50 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-28206 is a high-severity out-of-bounds write (CWE-787) vulnerability in Apple macOS, iOS and iPadOS. Its CVSS v3.1 base score is 8.6 (High).

Operationally, it ranks in the top 4.1% of CVEs by exploit likelihood (EPSS 95.9th percentile), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigating controls identified by this analysis are NIST SP 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2023-28206 is an out-of-bounds write vulnerability that Apple addressed with improved input validation across several of its operating systems. The affected platforms are macOS Monterey prior to 12.6.5, macOS Ventura prior to 13.3.1, macOS Big Sur prior to 11.7.6, iOS and iPadOS prior to 16.4.1 on the 16.x branch, and iOS and iPadOS prior to 15.7.5 on the 15.x branch. The flaw carries a CVSS v3.1 base score of 8.6 and is classified under CWE-787.

The CVSS vector (AV:L, PR:N, UI:R, S:C) describes a local attack that needs no prior privileges but does need user interaction: a malicious or compromised app running on the device triggers the flaw and, if successful, executes arbitrary code with kernel privileges. The user interaction is installing or launching the crafted app. The changed scope reflects that an app-level trigger compromises the kernel, a different security authority from the app itself.

Apple's security advisories for the listed updates state that the vulnerability is fixed in those releases and recommend installing them promptly. Apple also says it is aware of a report that the issue may have been actively exploited before the fix shipped.

The associated EPSS score reached a peak of 0.2631 before receding to its current value of 0.2159, consistent with sustained but not sharply escalating post-disclosure interest in the flaw.
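The score and priority figures on this page can be checked rather than trusted. The following is an added example written for this page (not code from the advisory, from Apple, or from the site's own scoring engine): it recomputes the CVSS v3.1 base score from the vector string and the Risk Priority from the stated weights. The CVSS metric weights and the Roundup rule are taken from the CVSS v3.1 specification; the Risk Priority scaling (EPSS probability and CVSS score mapped to 0 to 100, KEV membership counted as 100 or 0) is an assumption that reproduces the page's value of 50, not a formula the page documents.

```c
/* Added example, not part of the advisory: recompute CVSS v3.1 base score
 * and the page's Risk Priority. The Risk Priority scaling is an assumption
 * inferred from the stated weights (60% EPSS, 20% KEV, 20% CVSS). */
#include <stdio.h>
#include <string.h>

/* CVSS v3.1 Roundup: smallest one-decimal value >= x, computed on integers as
 * in the specification's appendix so that 8.51289 becomes 8.6, not 8.5. */
static double cvss_roundup(double x) {
    long long i = (long long)(x * 100000.0 + 0.5);   /* x is never negative here */
    if (i % 10000 == 0) return (double)i / 100000.0;
    return (double)(i / 10000 + 1) / 10.0;
}

/* x^15 without libm, for the scope-changed impact term. */
static double pow15(double x) { double r = 1.0; for (int k = 0; k < 15; k++) r *= x; return r; }

/* Value letter of one metric, e.g. metric(v, "PR") -> 'N'. Matches only at a
 * '/' boundary so "C" does not hit "AC:" or "CVSS". Returns 0 if absent. */
static char metric(const char *vec, const char *name) {
    size_t n = strlen(name);
    for (const char *p = strstr(vec, name); p != NULL; p = strstr(p + 1, name))
        if ((p == vec || p[-1] == '/') && p[n] == ':') return p[n + 1];
    return 0;
}

static double cia(char v) { return v == 'H' ? 0.56 : v == 'L' ? 0.22 : 0.0; }

/* Base score for a "CVSS:3.1/AV:../AC:../PR:../UI:../S:../C:../I:../A:.." vector.
 * Returns -1.0 if the vector is malformed. */
double cvss31_base_score(const char *vec) {
    if (strncmp(vec, "CVSS:3.1/", 9) != 0) return -1.0;
    char av = metric(vec, "AV"), ac = metric(vec, "AC"), pr = metric(vec, "PR"),
         ui = metric(vec, "UI"), s = metric(vec, "S"),
         c = metric(vec, "C"), i = metric(vec, "I"), a = metric(vec, "A");
    if (!av || !ac || !pr || !ui || !s || !c || !i || !a) return -1.0;
    int changed = (s == 'C');
    double w_av = av == 'N' ? 0.85 : av == 'A' ? 0.62 : av == 'L' ? 0.55 : 0.20;
    double w_ac = ac == 'L' ? 0.77 : 0.44;
    double w_pr = pr == 'N' ? 0.85 : pr == 'L' ? (changed ? 0.68 : 0.62) : (changed ? 0.50 : 0.27);
    double w_ui = ui == 'N' ? 0.85 : 0.62;
    double iss = 1.0 - (1.0 - cia(c)) * (1.0 - cia(i)) * (1.0 - cia(a));
    double impact = changed ? 7.52 * (iss - 0.029) - 3.25 * pow15(iss - 0.02) : 6.42 * iss;
    double exploitability = 8.22 * w_av * w_ac * w_pr * w_ui;
    if (impact <= 0.0) return 0.0;
    double raw = changed ? 1.08 * (impact + exploitability) : impact + exploitability;
    return cvss_roundup(raw > 10.0 ? 10.0 : raw);
}

/* Page's weights: 60% EPSS, 20% KEV, 20% CVSS. The 0-100 scaling of each
 * term is assumed, not documented on the page. Returns the rounded score. */
int risk_priority(double epss, int in_kev, double cvss) {
    double score = 0.6 * (epss * 100.0) + 0.2 * (in_kev ? 100.0 : 0.0) + 0.2 * (cvss * 10.0);
    return (int)(score + 0.5);
}

int main(void) {
    const char *vec = "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H";   /* vector from the page */
    double base = cvss31_base_score(vec);
    printf("base score %.1f (page says 8.6)\n", base);
    printf("risk priority %d (page says 50)\n", risk_priority(0.2159, 1, base));
    return 0;
}
```

For this vector the impact sub-score is about 6.05 and exploitability about 1.83; with the scope-changed multiplier the raw score is 8.51, which Roundup lifts to 8.6. The same routine gives 9.8 for the familiar network, no-privilege, no-interaction, scope-unchanged vector, a useful sanity check when adapting it.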


Vulnerability details

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

CWE(s): CWE-787 (Out-of-bounds Write)
KEV Date Added: 10 April 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · product · affected version ranges. The fixed release is the upper bound of each range and is not itself affected (the advisory text says "prior to" the fixed version).

apple · ipados · < 15.7.5 · 16.0 to < 16.4.1
apple · iphone os (iOS) · < 15.7.5 · 16.0 to < 16.4.1
apple · macos · < 11.7.6 · 12.0 to < 12.6.5 · 13.0 to < 13.3.1

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly mitigates the root cause: validating the attacker-controlled input before it is used as an index or length blocks the out-of-bounds write before any kernel code execution can occur. This is the class of fix Apple describes for this issue.

SI-16 Memory Protection (prevent)

Memory protection mechanisms (for example non-executable and read-only mappings, hardened allocators and pointer integrity) can prevent or contain an out-of-bounds write so that corrupted kernel memory does not translate into privilege escalation.

Process isolation (prevent; the control ID is not shown on the page, the description matches SC-39 Process Isolation)

Enforces isolation between user-space applications and the kernel execution domain, limiting what a malicious app can reach even when memory corruption succeeds.
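As an added illustration of the SI-10 control above (example code written for this page; not Apple's code and not the actual CVE-2023-28206 defect, which the page does not describe at code level), the block below places a hypothetical kernel-style handler that trusts a caller-supplied index, set_entry_unchecked, beside the validated form, set_entry_checked. All names, the table layout and the scenario are assumptions. To keep the demonstration well-defined C, the table and a neighbouring flags word share one backing array, so an index one past the table lands on the flags word instead of on unrelated memory.

```c
/* Added example, not from the advisory and not the real CVE-2023-28206 bug:
 * a hypothetical handler that writes a caller-controlled value at a
 * caller-controlled index. The "before" form trusts the index (CWE-787);
 * the "after" form validates it first, the SI-10 fix pattern. */
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: region[0..3] is the table, region[4] is a flags word that a
 * real kernel object might keep right next to it. */
enum { TABLE_ENTRIES = 4, FLAGS_SLOT = TABLE_ENTRIES, REGION_WORDS = TABLE_ENTRIES + 1 };

/* Before: no validation at all. Any idx beyond FLAGS_SLOT would be a genuine
 * out-of-bounds write in this demo as well, so only FLAGS_SLOT is used below. */
void set_entry_unchecked(uint32_t *region, uint32_t idx, uint32_t value) {
    region[idx] = value;
}

/* After: reject the index before touching memory. idx is unsigned, so a
 * "negative" value from user space is just a large number and is rejected by
 * the same comparison. Returns 0 on success, -1 when rejected. */
int set_entry_checked(uint32_t *region, uint32_t idx, uint32_t value) {
    if (idx >= TABLE_ENTRIES) return -1;
    region[idx] = value;
    return 0;
}

/* Scenario (constructed): the object starts with flags == 1 (say, an
 * "unprivileged" bit) and an attacker passes idx == TABLE_ENTRIES, one past
 * the last table slot. Returns the flags word afterwards. */
uint32_t flags_after_attack(int hardened) {
    uint32_t region[REGION_WORDS] = {0};
    region[FLAGS_SLOT] = 1;
    uint32_t attacker_idx = TABLE_ENTRIES, attacker_val = 0xFFFFFFFFu;
    if (hardened)
        (void)set_entry_checked(region, attacker_idx, attacker_val);
    else
        set_entry_unchecked(region, attacker_idx, attacker_val);
    return region[FLAGS_SLOT];
}

int main(void) {
    printf("unchecked handler: flags = 0x%08x\n", flags_after_attack(0));
    printf("checked handler:   flags = 0x%08x\n", flags_after_attack(1));
    return 0;
}
```

The unchecked handler turns the attacker's index into a write over the neighbouring flags word; the checked handler returns an error and leaves the object untouched. The other two controls sit behind this one: SI-16 memory protection and process isolation limit what an attacker can do with such a write when a missing check slips through review.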
