CVE-2023-28206
Published: 10 April 2023
Summary
CVE-2023-28206 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple macOS. Its CVSS base score is 8.6 (High).
Operationally, it ranks in the top 4.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2023-28206 is an out-of-bounds write vulnerability addressed through improved input validation in multiple Apple operating systems. The affected platforms include macOS Monterey prior to 12.6.5, macOS Ventura prior to 13.3.1, macOS Big Sur prior to 11.7.6, iOS and iPadOS prior to 16.4.1, and iOS and iPadOS prior to 15.7.5. The flaw carries a CVSS score of 8.6 and is classified under CWE-787.
An unprivileged local attacker can exploit the issue by supplying malicious input to a vulnerable application, potentially achieving arbitrary code execution with kernel-level privileges on the target device. The attack requires user interaction such as opening a crafted file or app.
Apple security advisories for the listed updates confirm that the vulnerability has been resolved in the specified releases and recommend that users install the patches promptly. The vendor notes awareness of reports indicating the issue may have been actively exploited in the wild prior to patching.
The associated EPSS score reached a peak of 0.2631 before receding to its current value of 0.2159, consistent with sustained but not sharply escalating post-disclosure interest in the flaw.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-31914
Vulnerability details
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- CWE(s)
- KEV Date Added: 10 April 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the root cause by enforcing improved input validation to block out-of-bounds writes before arbitrary kernel code execution occurs.
Provides memory protection mechanisms that can prevent or contain out-of-bounds writes from corrupting kernel memory and achieving privilege escalation.
Enforces process isolation between user-space applications and kernel execution domains, limiting the ability of a malicious app to reach kernel privileges even if memory corruption succeeds.