CVE-2023-41993

CVE Database · CVE-2023-41993

CVE-2023-41993

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

29.18%

Published

Sep 21, 2023

Modified

Nov 5, 2025

CISA Known Exploited Vulnerability

Added: 2023-09-25 · Due: 2023-10-16

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (6)

All weaponized →

TrickestTrickest PoC index GitHub PoCpo6ix/POC-for-CVE-2023-41993★202 GitHub PoChrtowii/cve-2023-41993-test★16 GitHub PoC0x06060606/CVE-2023-41993★5 GitHub PoCMangaia/cve-test★0 GitHub PoCJ3Ss0u/CVE-2023-41993★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-754CWE-754

Affected Products (19)

apple · ipados (up to 17.0.1)vulnerable

apple · iphone_os (up to 17.0.1)vulnerable

apple · macos (up to 14.0)vulnerable

fedoraproject · fedoravulnerable

debian · debian_linuxvulnerable

oracle · graalvmvulnerable

oracle · graalvm