Cyber Resilience

CVE-2023-41992

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 21 September 2023

Modified: 05 November 2025
KEV Added: 25 September 2023
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0106 (78.1th percentile)
Risk Priority: 36 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-41992 is a high-severity Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability in Apple iPadOS. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 21.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-41992 is an improper-check vulnerability that permits local privilege escalation on Apple platforms. It affects macOS Monterey prior to 12.7, macOS Ventura prior to 13.6, and iOS/iPadOS prior to 16.7; the flaw was resolved by adding improved validation checks in those releases.

A local attacker with an existing user account can exploit the weakness to raise privileges to root or kernel level, gaining broader access to system resources and data. The CVSS 7.8 score reflects the low attack complexity and lack of required user interaction once local access is obtained.

Apple security advisories HT213927, HT213931, and HT213932 detail the affected builds and confirm that the fixes are included in the September 2023 OS updates; organizations should apply the patches to eliminate the exposure.

Apple has stated it is aware of reports that the issue was actively exploited against iOS versions before 16.7, indicating targeted in-the-wild use prior to disclosure. The associated EPSS values remained low and showed only minimal change.

Vulnerability details

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CWE(s): CWE-754
KEV Date Added: 25 September 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple / ipados: 17.0 · ≤ 16.7
apple / iphone os: 17.0 · ≤ 16.7
apple / macos: 12.0 — 12.7 · 13.0 — 13.6

Mitigating Controls (NIST 800-53 r5)

prevent

Directly enforces access control decisions so the missing validation checks cannot be abused for local privilege escalation.

prevent

Requires timely application of the vendor patches that corrected the improper condition checks in the affected Apple OS versions.

prevent

Limits the set of privileges available to a local process, reducing the impact even if the flawed check is successfully exploited.