What is CVE-2023-23540?

CVE-2023-23540 is a vulnerability in Apple Neural Engine that allows an app to execute arbitrary code with kernel privileges.

How can this vulnerability be exploited?

This vulnerability can be exploited by an app to execute arbitrary code with kernel privileges.

What is the severity of CVE-2023-23540?

CVE-2023-23540 has a severity rating of high with a CVSS score of 7.8.

Which Apple software versions are affected by CVE-2023-23540?

CVE-2023-23540 affects macOS Big Sur up to version 11.7.5, iOS up to version 15.7.8, iPadOS up to version 15.7.8, macOS Monterey up to version 12.6.4, iOS up to version 16.4, and iPadOS up to version 16.4.

How can I fix CVE-2023-23540?

CVE-2023-23540 is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. Update your software to the latest version to fix the vulnerability.

Vulnerability/
CVE-2023-23540

high

7.8

27/3/2023

8/5/2023

22/12/2023

CVE-2023-23540

First published: Mon Mar 27 2023(Updated: )

Apple Neural Engine. The issue was addressed with improved memory handling.

Credit: Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 product-security@apple.com product-security@apple.com

Affected Software	Affected Version	How to fix
Apple macOS Big Sur	<11.7.5	11.7.5
Apple iOS	<16.4	16.4
Apple iPadOS	<16.4	16.4
	<12.6.4	12.6.4
Apple iOS	<15.7.8	15.7.8
Apple iPadOS	<15.7.8	15.7.8
Apple iPadOS	<15.7.8
Apple iPadOS	>=16.0<16.4
Apple iPhone OS	<15.7.8
Apple iPhone OS	>=16.0<16.4
Apple macOS	<11.7.5
Apple macOS	>=12.0<12.6.4

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT213675 (Advisory)
https://support.apple.com/en-us/HT213676 (Advisory)
https://support.apple.com/en-us/HT213677 (Advisory)
https://support.apple.com/kb/HT213675
https://support.apple.com/kb/HT213677
https://support.apple.com/kb/HT213676
https://support.apple.com/en-us/HT213842 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2023-23540
CVE-2022-26702
CVE-2023-23527
CVE-2023-27951
CVE-2023-27961
CVE-2023-23534
CVE-2023-27955
CVE-2023-27936
CVE-2023-27935
CVE-2023-27953
CVE-2023-27958
CVE-2023-23537
CVE-2023-32366
CVE-2023-27937
CVE-2023-27928
CVE-2023-27946
CVE-2023-23535
CVE-2023-32378
CVE-2023-27941
CVE-2023-28199
CVE-2023-23536
CVE-2023-23514
CVE-2023-28200
CVE-2023-28185
CVE-2023-23525
CVE-2023-41075
CVE-2023-28189
CVE-2023-28197
CVE-2023-28182
CVE-2023-27962
CVE-2023-27942
CVE-2023-23542
CVE-2023-28192
CVE-2023-0433
CVE-2023-0512
CVE-2023-27944
CVE-2023-23541
CVE-2023-42830
CVE-2023-27959
CVE-2023-27970
CVE-2023-23532
CVE-2023-27931
CVE-2023-23543
CVE-2023-23494
CVE-2023-23528
CVE-2023-28181
CVE-2023-28195
CVE-2023-27956
CVE-2023-23526
CVE-2023-27929
CVE-2023-42862
CVE-2023-42865
CVE-2023-28187
CVE-2023-32424
CVE-2023-27969
CVE-2023-27933
CVE-2023-27943
CVE-2022-46724
CVE-2023-23523
CVE-2023-28194
CVE-2023-28178
CVE-2023-27963
CVE-2023-28188
CVE-2023-32370
CVE-2023-28198
CVE-2022-46725
CVE-2023-32435
CVE-2023-27932
CVE-2023-27954
CVE-2022-46705
CVE-2014-1745
CVE-2023-32358
CVE-2023-28201
CVE-2023-27934
CVE-2023-27949
CVE-2023-23538
CVE-2023-23533
CVE-2023-40442
CVE-2023-34425
CVE-2023-40392
CVE-2023-32416
CVE-2023-41990
CVE-2023-38603
CVE-2023-38590
CVE-2023-38598
CVE-2023-36495
CVE-2023-37285
CVE-2023-38604
CVE-2023-32441
CVE-2023-38606
CVE-2023-32433
CVE-2023-35993
CVE-2023-38593
CVE-2023-38565
CVE-2023-42831
CVE-2023-38605
CVE-2023-38599
CVE-2023-32445
CVE-2023-37450
CVE-2023-38572
CVE-2023-32409
CVE-2023-38594
CVE-2023-38597
CVE-2023-38133

Frequently Asked Questions

What is CVE-2023-23540?
CVE-2023-23540 is a vulnerability in Apple Neural Engine that allows an app to execute arbitrary code with kernel privileges.
How can this vulnerability be exploited?
This vulnerability can be exploited by an app to execute arbitrary code with kernel privileges.
What is the severity of CVE-2023-23540?
CVE-2023-23540 has a severity rating of high with a CVSS score of 7.8.
Which Apple software versions are affected by CVE-2023-23540?
CVE-2023-23540 affects macOS Big Sur up to version 11.7.5, iOS up to version 15.7.8, iPadOS up to version 15.7.8, macOS Monterey up to version 12.6.4, iOS up to version 16.4, and iPadOS up to version 16.4.
How can I fix CVE-2023-23540?
CVE-2023-23540 is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. Update your software to the latest version to fix the vulnerability.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
collector/apple-support
source/Apple
agent/software-canonical-lookup-request
agent/software-canonical-lookup
alias/CVE-2023-27959
collector/nvd-api
collector/nvd-index
collector/nvd-latest
vendor/apple
canonical/apple macos big sur
canonical/apple ios
canonical/apple ipados
canonical/apple macos monterey
version/apple ipados/16.0
canonical/apple iphone os
version/apple iphone os/16.0
canonical/apple macos
version/apple macos/12.0