CVE-2023-23540
First published: Mon Mar 27 2023(Updated: )
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: Mohamed GHANNAM @_simo36 Mickey Jin @patch1t Brandon Dalton @partyD0lphin Red CanaryCsaba Fitzl @theevilbit Offensive SecurityRıza Sabuncu @rizasabuncu JeongOhKyea Tingting Yin Tsinghua UniversityAleksandar Nikolic Cisco TalosAdam M. Ye Zhang @VAR10CK Baidu Securityan anonymous researcher Murray Mike Arsenii Kostromin (0x3c3e) Félix Poulin-Bélanger David Pan Ogea Xinru Chi Pangu LabNed Williamson Google Project Zerosqrtpwn Pan ZhenPeng STAR Labs SG PteZweig Kunlun LabJoshua Jones Zhuowei Zhang Mickey Jin @patch1t FFRI Security IncKoh M. Nakagawa FFRI Security Inc Offensive SecurityYiğit Can YILMAZ @yilmazcanyigit Jubaer Alnazi Jabin TRS Group Of CompaniesWenchao Li Alibaba GroupXiaolong Bai Alibaba GroupGuilherme Rambo Best Buddy AppsCVE-2023-0433 CVE-2023-0512 Antonio Zekic @antoniozekic John Aakerblom @jaakerblom ryuzaki Mohamed GHANNAM Mohamed Ghannam @_simo36 Itay Iellin General Motors Product Cyber SecurityJianjun Dai 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research InstituteJubaer Alnazi TRS Group of CompaniesMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativePan ZhenPeng @Peterpan0927 STAR Labs SG PteZechao Cai @Zech4o Zhejiang UniversityAdam Doupé ASU SEFCOMan anonymous researcher Red CanaryMilan Tenk F FArthur Valiev FAbhay Kailasia @abhay_kailasia Lakshmi Narain College Of Technology BhopaldevelopStorm Anton Spivak Alibaba GroupXin Huang @11iaxH Gertjan Franken imecKU Leuven hazbinhotel Trend Micro Zero Day InitiativeHyeon Park @tree_segment Team ApplePIEGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ KasperskyBoris Larin @oct0xor Kaspersky KasperskyValentin Pashkov KasperskyAnonymous Trend Micro Zero Day InitiativeDohyun Lee @l33d0hyun SSD Labscrixer @pwning_me SSD Labs product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Monterey | <12.6.4 | 12.6.4 |
| Apple macOS | <11.7.5 | 11.7.5 |
| Apple iOS, iPadOS, and watchOS | <15.7.8 | |
| Apple iOS, iPadOS, and watchOS | >=16.0<16.4 | |
| iOS | <15.7.8 | |
| iOS | >=16.0<16.4 | |
| Apple iOS and macOS | <11.7.5 | |
| Apple iOS and macOS | >=12.0<12.6.4 | |
| Apple iOS, iPadOS, and watchOS | <16.4 | 16.4 |
| Apple iOS, iPadOS, and watchOS | <16.4 | 16.4 |
| Apple iOS, iPadOS, and watchOS | <15.7.8 | 15.7.8 |
| Apple iOS, iPadOS, and watchOS | <15.7.8 | 15.7.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213675 (Advisory)
- https://support.apple.com/en-us/HT213676 (Advisory)
- https://support.apple.com/en-us/HT213677 (Advisory)
- https://support.apple.com/en-us/HT213842 (Advisory)
- https://support.apple.com/en-us/102833 (Advisory)
- https://support.apple.com/en-us/102784 (Advisory)
- https://support.apple.com/en-us/102880 (Advisory)
- https://support.apple.com/kb/HT213842
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-23540
- CVE-2023-23527
- CVE-2023-27951
- CVE-2023-27961
- CVE-2023-27955
- CVE-2023-27936
- CVE-2023-28181
- CVE-2023-40398
- CVE-2023-27935
- CVE-2023-27934
- CVE-2023-27953
- CVE-2023-27958
- CVE-2023-23537
- CVE-2023-32366
- CVE-2023-27937
- CVE-2023-27946
- CVE-2023-32378
- CVE-2023-27941
- CVE-2023-28199
- CVE-2023-23536
- CVE-2023-23514
- CVE-2023-27933
- CVE-2023-28200
- CVE-2023-28185
- CVE-2023-41075
- CVE-2023-28189
- CVE-2023-28197
- CVE-2023-27949
- CVE-2023-28182
- CVE-2023-23538
- CVE-2023-27962
- CVE-2023-27942
- CVE-2023-23533
- CVE-2023-28178
- CVE-2023-27963
- CVE-2023-23542
- CVE-2023-28192
- CVE-2023-0433
- CVE-2023-0512
- CVE-2023-27944
- CVE-2022-26702
- CVE-2023-23534
- CVE-2023-27928
- CVE-2023-23535
- CVE-2023-23525
- CVE-2023-23541
- CVE-2023-42830
- CVE-2023-27959
- CVE-2023-27970
- CVE-2023-23532
- CVE-2023-27931
- CVE-2023-23543
- CVE-2023-23494
- CVE-2023-23528
- CVE-2023-28195
- CVE-2023-27956
- CVE-2023-23526
- CVE-2023-27929
- CVE-2023-42862
- CVE-2023-42865
- CVE-2023-28187
- CVE-2023-32424
- CVE-2023-27969
- CVE-2023-27943
- CVE-2022-46724
- CVE-2023-23523
- CVE-2023-28194
- CVE-2023-28188
- CVE-2023-32370
- CVE-2023-28198
- CVE-2022-46725
- CVE-2023-32435
- CVE-2023-27932
- CVE-2023-27954
- CVE-2022-46705
- CVE-2014-1745
- CVE-2023-32358
- CVE-2023-28201
- CVE-2023-40442
- CVE-2023-34425
- CVE-2023-40392
- CVE-2023-32416
- CVE-2023-41990
- CVE-2023-38603
- CVE-2023-38590
- CVE-2023-38598
- CVE-2023-36495
- CVE-2023-37285
- CVE-2023-38604
- CVE-2023-32441
- CVE-2023-38606
- CVE-2023-32433
- CVE-2023-35993
- CVE-2023-38593
- CVE-2023-38565
- CVE-2023-42831
- CVE-2023-38605
- CVE-2023-38599
- CVE-2023-32445
- CVE-2023-37450
- CVE-2023-38572
- CVE-2023-32409
- CVE-2023-38594
- CVE-2023-38597
- CVE-2023-38133
Frequently Asked Questions
What is CVE-2023-23540?
CVE-2023-23540 is a vulnerability in Apple Neural Engine that allows an app to execute arbitrary code with kernel privileges.
How can this vulnerability be exploited?
This vulnerability can be exploited by an app to execute arbitrary code with kernel privileges.
What is the severity of CVE-2023-23540?
CVE-2023-23540 has a severity rating of high with a CVSS score of 7.8.
Which Apple software versions are affected by CVE-2023-23540?
CVE-2023-23540 affects macOS Big Sur up to version 11.7.5, iOS up to version 15.7.8, iPadOS up to version 15.7.8, macOS Monterey up to version 12.6.4, iOS up to version 16.4, and iPadOS up to version 16.4.
How can I fix CVE-2023-23540?
CVE-2023-23540 is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. Update your software to the latest version to fix the vulnerability.
- collector/nvd-latest
- agent/type
- agent/first-publish-date
- agent/severity
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/trending
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- alias/CVE-2023-23527
- alias/CVE-2023-27951
- alias/CVE-2023-27961
- alias/CVE-2023-27955
- alias/CVE-2023-27936
- alias/CVE-2023-28181
- alias/CVE-2023-40398
- alias/CVE-2023-27935
- alias/CVE-2023-27934
- alias/CVE-2023-27953
- alias/CVE-2023-27958
- alias/CVE-2023-23537
- alias/CVE-2023-32366
- alias/CVE-2023-27937
- alias/CVE-2023-27946
- alias/CVE-2023-32378
- alias/CVE-2023-27941
- alias/CVE-2023-28199
- alias/CVE-2023-23536
- alias/CVE-2023-23514
- alias/CVE-2023-27933
- alias/CVE-2023-28200
- alias/CVE-2023-28185
- alias/CVE-2023-41075
- alias/CVE-2023-28189
- alias/CVE-2023-28197
- alias/CVE-2023-27949
- alias/CVE-2023-28182
- alias/CVE-2023-23538
- alias/CVE-2023-27962
- alias/CVE-2023-27942
- alias/CVE-2023-23533
- alias/CVE-2023-28178
- alias/CVE-2023-27963
- alias/CVE-2023-23542
- alias/CVE-2023-28192
- alias/CVE-2023-0433
- alias/CVE-2023-0512
- alias/CVE-2023-27944
- alias/CVE-2022-26702
- alias/CVE-2023-23534
- alias/CVE-2023-27928
- alias/CVE-2023-23535
- alias/CVE-2023-23525
- agent/description
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- agent/author
- collector/nvd-api
- source/NVD
- collector/nvd-index
- alias/CVE-2023-23540
- alias/CVE-2023-27959
- alias/CVE-2023-27970
- alias/CVE-2023-23532
- alias/CVE-2023-27931
- alias/CVE-2023-23543
- alias/CVE-2023-23494
- alias/CVE-2023-23528
- alias/CVE-2023-28195
- alias/CVE-2023-27956
- alias/CVE-2023-23526
- alias/CVE-2023-27929
- alias/CVE-2023-42862
- alias/CVE-2023-42865
- alias/CVE-2023-28187
- alias/CVE-2023-32424
- alias/CVE-2023-27969
- alias/CVE-2023-27943
- alias/CVE-2022-46724
- alias/CVE-2023-23523
- alias/CVE-2023-28194
- alias/CVE-2023-28188
- alias/CVE-2023-32370
- alias/CVE-2023-28198
- alias/CVE-2022-46725
- alias/CVE-2023-32435
- alias/CVE-2023-27932
- alias/CVE-2023-27954
- alias/CVE-2022-46705
- alias/CVE-2014-1745
- alias/CVE-2023-32358
- alias/CVE-2023-28201
- alias/CVE-2023-42830
- vendor/apple
- canonical/apple macos monterey
- canonical/apple macos
- canonical/apple ios, ipados, and watchos
- version/apple ios, ipados, and watchos/16.0
- canonical/ios
- version/ios/16.0
- canonical/apple ios and macos
- version/apple ios and macos/12.0