CVE-2023-27940
In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten "Accessibility", "Apple Neural Engine", "AppleMobileFileIntegrity", "Associated Domains", "Cellular", "CoreLocation", "Core Services", "ImageIO", "IOSurfaceAccelerator", "Kernel, "LaunchServices", "Metal", "Model I/O", "NetworkExtension", "PDFKit", "Photos", "Sandbox", "Security", "Shortcuts", "Siri", "SQLite", "StorageKit", "System Settings", "Telephony", "TV App", "Weather", "WebKit" sowie "Wi-Fi". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.
EPSS 0.05% · 16.5th percentile
Risk Scores
Timeline
- May 18, 2023 CVE Published
- Jun 24, 2023 EPSS Score
- Jul 29, 2023 EPSS Score
- Sep 2, 2023 EPSS Score
- Oct 7, 2023 EPSS Score
- Nov 12, 2023 EPSS Score
- Dec 17, 2023 EPSS Score
- Jan 21, 2024 EPSS Score
- Feb 25, 2024 EPSS Score
- Mar 31, 2024 EPSS Score
- May 5, 2024 EPSS Score
- Jun 9, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1251.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1251 advisory
- https://support.apple.com/HT213758 advisory
- https://support.apple.com/HT213759 advisory
- https://support.apple.com/HT213760 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1252.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1252 advisory
- https://support.apple.com/HT213765 advisory
- https://support.apple.com/HT213757 advisory