CVE-2023-41992
Published: 21 September 2023
Summary
CVE-2023-41992 is a high-severity Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability in Apple iPadOS. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 21.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2023-41992 is an improper-check vulnerability that permits local privilege escalation on Apple platforms. It affects macOS Monterey prior to 12.7, macOS Ventura prior to 13.6, and iOS/iPadOS prior to 16.7; the flaw was resolved by adding improved validation checks in those releases.
A local attacker with an existing user account can exploit the weakness to raise privileges to root or kernel level, gaining broader access to system resources and data. The CVSS 7.8 score reflects the low attack complexity and lack of required user interaction once local access is obtained.
Apple security advisories HT213927, HT213931, and HT213932 detail the affected builds and confirm that the fixes are included in the September 2023 OS updates; organizations should apply the patches to eliminate the exposure.
Apple has stated it is aware of reports that the issue was actively exploited against iOS versions before 16.7, indicating targeted in-the-wild use prior to disclosure. The associated EPSS values remained low and showed only minimal change.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-46451
Vulnerability details
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
- CWE(s)
- KEV Date Added: 25 September 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly enforces access control decisions so the missing validation checks cannot be abused for local privilege escalation.
Requires timely application of the vendor patches that corrected the improper condition checks in the affected Apple OS versions.
Limits the set of privileges available to a local process, reducing the impact even if the flawed check is successfully exploited.