CVE-2023-41990 Information

Sep 16, 2023 cve

Description

The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2 iOS 15.7.8 and iPadOS 15.7.8 watchOS 9.3 tvOS 16.3 iOS 16.3 and iPadOS 16.3 macOS Big Sur 11.7.9 macOS Monterey 12.6.8. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://support.apple.com/en-us/HT213605 https://support.apple.com/en-us/HT213606 https://support.apple.com/en-us/HT213845 https://support.apple.com/en-us/HT213601 https://support.apple.com/en-us/HT213844 https://support.apple.com/en-us/HT213599 https://support.apple.com/en-us/HT213842

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8

Share on: