Cyber Resilience

CVE-2023-41993

HighCISA KEVActive ExploitationEUVD Exploited

Published: 21 September 2023

Published
21 September 2023
Modified
05 November 2025
KEV Added
25 September 2023
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.2417 96.2th percentile
Risk Priority 52 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-41993 is a high-severity Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability in Fedoraproject Fedora. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 3.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability tracked as CVE-2023-41993 stems from insufficient validation checks when processing web content and is fixed in macOS Sonoma 14. The flaw affects Apple platforms that handle web content, with Apple confirming active exploitation against iOS versions prior to iOS 16.7. It carries a CVSS 3.1 base score of 8.8 and is associated with CWE-754.

An unauthenticated remote attacker can supply malicious web content that a user is tricked into processing, resulting in arbitrary code execution with full confidentiality, integrity, and availability impact. The attack requires user interaction but no privileges and can be delivered over the network.

Apple addressed the issue through improved checks in macOS Sonoma 14, with corresponding updates referenced in security advisories such as HT213940. Third-party vendors including Gentoo and NetApp have published related guidance pointing users to the vendor patches.

Apple has stated that the vulnerability was exploited in the wild against older iOS releases, and the associated EPSS score has reached a peak of 0.2489 with a current value of 0.2417.

EU & UK References

Vulnerability details

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions…

more

of iOS before iOS 16.7.

CWE(s)
KEV Date Added
25 September 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple
ipados
≤ 17.0.1
apple
iphone os
≤ 17.0.1
apple
macos
≤ 14.0
fedoraproject
fedora
37, 38, 39
debian
debian linux
11.0, 12.0
oracle
graalvm
20.3.13, 21.3.9
oracle
jdk
1.8.0
oracle
jre
1.8.0
netapp
active iq unified manager
all versions
netapp
cloud insights acquisition unit
all versions
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of web content inputs to block the insufficient checks (CWE-754) that enable arbitrary code execution.

prevent

Requires timely application of the vendor patches that add the improved validation checks fixing CVE-2023-41993.

prevent

Provides mechanisms to detect and block malicious web content before it is processed and triggers code execution.

References