Cyber Resilience

CVE-2023-41990

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 12 September 2023

Modified: 23 October 2025
KEV Added: 08 January 2024
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0268 (86.2th percentile)
Risk Priority: 37 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-41990 is a high-severity vulnerability, with no weakness type specified, in Apple macOS. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 13.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2023-41990 is a vulnerability in Apple's font file processing logic that stems from improper cache handling. It affects multiple Apple operating systems prior to the listed fixed versions, including tvOS before 16.3, iOS and iPadOS before 16.3 and 15.7.8, macOS Monterey before 12.6.8, macOS Big Sur before 11.7.9, macOS Ventura before 13.2, and watchOS before 9.3. The flaw received a CVSS score of 7.8 and can result in arbitrary code execution when a malicious font file is processed.

An attacker can exploit the issue by supplying a crafted font file that the victim opens or that is rendered by an affected application. Because the attack requires local access and user interaction, it is typically delivered via documents, web content, or other vectors that trigger font rendering on the target device. Successful exploitation grants the attacker the ability to execute arbitrary code with the privileges of the affected process.

Apple security advisories HT213599, HT213601, HT213605, HT213606, and HT213842 state that the issue was resolved by improved cache handling and list the exact build numbers for each affected platform. Users are advised to install the updates for iOS 16.3 / iPadOS 16.3, iOS 15.7.8 / iPadOS 15.7.8, macOS Ventura 13.2, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, tvOS 16.3, and watchOS 9.3.
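A patch-level triage against the fixed releases listed above, as an added example that is not part of the original page or of any Apple tooling. The platform keys, status labels and sample inventory are assumptions made for illustration; the comparison is done per major branch because a device on 16.0 sorts above 15.7.8 yet predates the 16.3 fix.

```python
# Added example: patch-level triage for CVE-2023-41990.
# First fixed release per major branch, taken from the advisory list above.
FIXED = {
    "ios":     {15: (15, 7, 8), 16: (16, 3, 0)},
    "ipados":  {15: (15, 7, 8), 16: (16, 3, 0)},
    "macos":   {11: (11, 7, 9), 12: (12, 6, 8), 13: (13, 2, 0)},
    "tvos":    {16: (16, 3, 0)},
    "watchos": {9: (9, 3, 0)},
}

def parse_version(text):
    """'16.3' -> (16, 3, 0). Raises ValueError on anything non-numeric."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def assess(platform, version):
    """Classify one device as patched / vulnerable / no-fix-listed / unknown."""
    branches = FIXED.get(platform.strip().lower())
    if branches is None:
        return "unknown"
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"
    if v[0] in branches:
        # Compare only within the device's own branch: 16.0 sorts above
        # 15.7.8 but predates the 16.3 fix.
        return "patched" if v >= branches[v[0]] else "vulnerable"
    if v[0] > max(branches):
        return "patched"  # assumption: later major releases carry the fix
    return "no-fix-listed"  # older branch; the page names no fixed release

def triage(inventory):
    """Return (host, platform, version, status) for every device not patched."""
    rows = [(h, p, v, assess(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] != "patched"]

# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = [
    ("phone-01", "iOS", "15.7.8"),
    ("phone-02", "iOS", "16.0"),
    ("mac-01", "macOS", "12.6.7"),
    ("mac-02", "macOS", "13.2"),
    ("tv-01", "tvOS", "15.6"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row)
```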

Apple has confirmed that the vulnerability was actively exploited in the wild against iOS versions released before 15.7.1. The EPSS score has remained low and stable, with a current value of 0.0268 and a peak of 0.0276.

EU & UK References

Vulnerability details

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

CWE(s)
KEV Date Added: 08 January 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple / ipados: ≤ 15.7.8 · 16.0 — 16.3
apple / iphone os: ≤ 15.7.8 · 16.0 — 16.3
apple / macos: ≤ 11.7.9 · 12.0.0 — 12.6.8 · 13.0 — 13.2
apple / tvos: ≤ 16.3
apple / watchos: ≤ 9.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of the vendor patches that correct the improper cache handling during font-file processing.

prevent · detect

Malicious-code protection mechanisms can block or alert on the crafted font files used to trigger the vulnerability.

prevent · detect

Integrity verification of software and data can detect unauthorized modification or substitution of font files before they are processed.

References