CVE-2023-38598: Use After Free
First published: Mon Jul 24 2023(Updated: )
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Credit: an anonymous researcher Zweig Kunlun LabKaitao Xie Alibaba GroupXiaolong Bai Alibaba GroupCertik Skyfall Team Ant Security Lightpattern-f @pattern_F_ Ant Security LightMohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <16.6 | 16.6 |
| Apple iPadOS | <16.6 | 16.6 |
| Apple iOS | <15.7.8 | 15.7.8 |
| Apple iPadOS | <15.7.8 | 15.7.8 |
| <13.5 | 13.5 | |
| <12.6.8 | 12.6.8 | |
| Apple macOS Big Sur | <11.7.9 | 11.7.9 |
| Apple tvOS | <16.6 | 16.6 |
| Apple watchOS | <9.6 | 9.6 |
| Apple iPadOS | <15.7.8 | |
| Apple iPadOS | >=16.0<16.6 | |
| Apple iPhone OS | <15.7.8 | |
| Apple iPhone OS | >=16.0<16.6 | |
| Apple macOS | <11.7.9 | |
| Apple macOS | >=12.0<12.6.8 | |
| Apple macOS | >=13.0<13.5 | |
| Apple tvOS | <16.6 | |
| Apple watchOS | <9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213841 (Advisory)
- https://support.apple.com/en-us/HT213842 (Advisory)
- https://support.apple.com/en-us/HT213843 (Advisory)
- https://support.apple.com/en-us/HT213844 (Advisory)
- https://support.apple.com/en-us/HT213845 (Advisory)
- https://support.apple.com/en-us/HT213846 (Advisory)
- https://support.apple.com/en-us/HT213848 (Advisory)
- https://support.apple.com/kb/HT213841
- https://support.apple.com/kb/HT213842
- https://support.apple.com/kb/HT213843
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845
- https://support.apple.com/kb/HT213846
- https://support.apple.com/kb/HT213848
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-38590
- CVE-2023-38598
- CVE-2023-36495
- CVE-2023-38604
- CVE-2023-32734
- CVE-2023-32441
- CVE-2023-38606
- CVE-2023-32381
- CVE-2023-32433
- CVE-2023-35993
- CVE-2023-38593
- CVE-2023-38565
- CVE-2023-38599
- CVE-2023-32445
- CVE-2023-38592
- CVE-2023-38572
- CVE-2023-38594
- CVE-2023-38595
- CVE-2023-38600
- CVE-2023-38611
- CVE-2023-37450
- CVE-2023-42866
- CVE-2023-38133
- CVE-2023-40442
- CVE-2023-34425
- CVE-2023-32364
- CVE-2023-35983
- CVE-2023-40392
- CVE-2023-34241
- CVE-2023-28319
- CVE-2023-28320
- CVE-2023-28321
- CVE-2023-28322
- CVE-2023-32416
- CVE-2023-41990
- CVE-2023-36854
- CVE-2023-32418
- CVE-2023-38603
- CVE-2023-37285
- CVE-2023-40440
- CVE-2023-38571
- CVE-2023-38421
- CVE-2023-38258
- CVE-2023-1916
- CVE-2023-29491
- CVE-2023-38601
- CVE-2023-32444
- CVE-2023-2953
- CVE-2023-42829
- CVE-2023-38259
- CVE-2023-38602
- CVE-2023-42831
- CVE-2023-32442
- CVE-2023-32443
- CVE-2023-42832
- CVE-2023-32422
- CVE-2023-32429
- CVE-2023-1801
- CVE-2023-2426
- CVE-2023-2609
- CVE-2023-2610
- CVE-2023-38605
- CVE-2023-38136
- CVE-2023-38580
- CVE-2023-40439
- CVE-2023-38616
- CVE-2023-36862
- CVE-2023-42828
- CVE-2023-40437
- CVE-2022-3970
- CVE-2023-28200
- CVE-2023-38261
- CVE-2023-38424
- CVE-2023-38425
- CVE-2023-38410
- CVE-2023-38609
- CVE-2023-38564
- CVE-2023-32654
- CVE-2023-38608
- CVE-2023-40397
- CVE-2023-38597
- CVE-2023-23540
- CVE-2023-32409
- CVE-2023-41995
- CVE-2023-40400
- CVE-2023-40394
- CVE-2023-32437
Frequently Asked Questions
What is CVE-2023-38598?
CVE-2023-38598 is a use-after-free vulnerability in the kernel of Apple devices.
How severe is CVE-2023-38598?
CVE-2023-38598 has a severity rating of 9.8 out of 10, making it a critical vulnerability.
Which devices and operating systems are affected by CVE-2023-38598?
CVE-2023-38598 affects Apple devices running iOS, iPadOS, macOS, tvOS, and watchOS.
Are there any fixes available for CVE-2023-38598?
Yes, CVE-2023-38598 is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, and macOS Ventura 13.5.
How can I fix CVE-2023-38598?
To fix CVE-2023-38598, you should update your Apple devices to the latest versions of watchOS, macOS, iOS, iPadOS, or tvOS that include the security patches for this vulnerability.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-latest
- agent/severity
- agent/author
- agent/softwarecombine
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/tags
- agent/event
- agent/description
- alias/CVE-2023-32433
- alias/CVE-2023-35993
- alias/CVE-2023-41995
- alias/CVE-2023-38598
- agent/weakness
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple ipados
- version/apple ipados/16.0
- canonical/apple iphone os
- version/apple iphone os/16.0
- canonical/apple macos
- version/apple macos/12.0
- version/apple macos/13.0
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple macos monterey
- canonical/apple macos big sur
- canonical/apple macos ventura
- canonical/apple ios