CVE-2023-42942
High
Published: 21 February 2024
Modified: 04 November 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score: 0.0013 (31.4th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2023-42942 is a high-severity Link Following (CWE-59) vulnerability in Apple iPhone OS. Its CVSS base score is 7.8 (High).
Operationally, it is ranked at the 31.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-47363
Vulnerability details
This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.
- CWE(s): CWE-59 (Link Following)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- apple / ipad os: ≤ 16.7.2
- apple / ipados: 17.0
- apple / iphone os: 17.0 · ≤ 16.7.2
- apple / macos: 14.0 · 13.0 — 13.6.1
- apple / tvos: ≤ 17.1
- apple / watchos: ≤ 10.1
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.