CVE-2023-38606: Apple Multiple Products Kernel Unspecified Vulnerability
First published: Mon Jul 24 2023(Updated: )
Kernel. This issue was addressed with improved state management.
Credit: product-security@apple.com product-security@apple.com Valentin Pashkov KasperskyMikhail Vinogradov KasperskyGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ Kaspersky KasperskyBoris Larin @oct0xor KasperskyValentin Pashkov KasperskyMikhail Vinogradov KasperskyGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ Kaspersky KasperskyBoris Larin @oct0xor KasperskyValentin Pashkov KasperskyMikhail Vinogradov KasperskyGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ Kaspersky KasperskyBoris Larin @oct0xor KasperskyValentin Pashkov KasperskyMikhail Vinogradov KasperskyGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ Kaspersky KasperskyBoris Larin @oct0xor KasperskyValentin Pashkov KasperskyMikhail Vinogradov KasperskyGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ Kaspersky KasperskyBoris Larin @oct0xor KasperskyValentin Pashkov KasperskyMikhail Vinogradov KasperskyGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ Kaspersky KasperskyBoris Larin @oct0xor KasperskyValentin Pashkov KasperskyMikhail Vinogradov KasperskyGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ Kaspersky KasperskyBoris Larin @oct0xor Kaspersky product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <16.6 | 16.6 |
| Apple iPadOS | <16.6 | 16.6 |
| Apple iOS | <15.7.8 | 15.7.8 |
| Apple iPadOS | <15.7.8 | 15.7.8 |
| <13.5 | 13.5 | |
| <12.6.8 | 12.6.8 | |
| Apple macOS Big Sur | <11.7.9 | 11.7.9 |
| Apple tvOS | <16.6 | 16.6 |
| Apple watchOS | <9.6 | 9.6 |
| Apple Multiple Products | ||
| Apple iPadOS | <15.7.8 | |
| Apple iPadOS | >=16.0<16.6 | |
| Apple iPhone OS | <15.7.8 | |
| Apple iPhone OS | >=16.0<16.6 | |
| Apple macOS | >=11.0<11.7.9 | |
| Apple macOS | >=12.0.0<12.6.8 | |
| Apple macOS | >=13.0<13.5 | |
| Apple tvOS | <16.6 | |
| Apple watchOS | <9.6 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213841 (Advisory)
- https://support.apple.com/en-us/HT213842 (Advisory)
- https://support.apple.com/en-us/HT213843 (Advisory)
- https://support.apple.com/en-us/HT213844 (Advisory)
- https://support.apple.com/en-us/HT213845 (Advisory)
- https://support.apple.com/en-us/HT213846 (Advisory)
- https://support.apple.com/en-us/HT213848 (Advisory)
- https://support.apple.com/kb/HT213845
- https://support.apple.com/kb/HT213846
- https://www.theregister.com/2023/12/28/kaspersky_reveals_previously_unknown_hardware/
- https://support.apple.com/kb/HT213841
- https://support.apple.com/kb/HT213842
- https://support.apple.com/en-us/HT213841,
- https://support.apple.com/en-us/HT213842,
- https://support.apple.com/en-us/HT213843,https://support.apple.com/en-us/HT213844,https://support.apple.com/en-us/HT213845,https://support.apple.com/en-us/HT213846,https://support.apple.com/en-us/HT213848
- https://nvd.nist.gov/vuln/detail/CVE-2023-38606
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40439
- CVE-2023-38616
- CVE-2023-34425
- CVE-2023-38580
- CVE-2023-36862
- CVE-2023-32364
- CVE-2023-35983
- CVE-2023-40392
- CVE-2023-42828
- CVE-2023-34241
- CVE-2023-28319
- CVE-2023-28320
- CVE-2023-28321
- CVE-2023-28322
- CVE-2023-32416
- CVE-2023-40437
- CVE-2023-32418
- CVE-2023-36854
- CVE-2022-3970
- CVE-2023-28200
- CVE-2023-38590
- CVE-2023-38598
- CVE-2023-36495
- CVE-2023-37285
- CVE-2023-38604
- CVE-2023-32734
- CVE-2023-32441
- CVE-2023-38261
- CVE-2023-38424
- CVE-2023-38425
- CVE-2023-32381
- CVE-2023-32433
- CVE-2023-35993
- CVE-2023-38410
- CVE-2023-38606
- CVE-2023-38603
- CVE-2023-38565
- CVE-2023-38593
- CVE-2023-40440
- CVE-2023-38258
- CVE-2023-38421
- CVE-2023-1916
- CVE-2023-38571
- CVE-2023-29491
- CVE-2023-38601
- CVE-2023-32444
- CVE-2023-2953
- CVE-2023-42829
- CVE-2023-38609
- CVE-2023-38259
- CVE-2023-38564
- CVE-2023-38602
- CVE-2023-42831
- CVE-2023-32442
- CVE-2023-32443
- CVE-2023-42832
- CVE-2023-32429
- CVE-2023-1801
- CVE-2023-32654
- CVE-2023-2426
- CVE-2023-2609
- CVE-2023-2610
- CVE-2023-38608
- CVE-2023-38605
- CVE-2023-40397
- CVE-2023-38572
- CVE-2023-38599
- CVE-2023-32445
- CVE-2023-38592
- CVE-2023-38594
- CVE-2023-38595
- CVE-2023-38600
- CVE-2023-38611
- CVE-2023-37450
- CVE-2023-42866
- CVE-2023-38597
- CVE-2023-38133
- CVE-2023-40442
- CVE-2023-41990
- CVE-2023-32422
- CVE-2023-38136
- CVE-2023-41995
- CVE-2023-40400
- CVE-2023-40394
- CVE-2023-32437
- CVE-2023-23540
- CVE-2023-32409
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-38606.
What products are affected by this vulnerability?
This vulnerability affects Apple tvOS up to version 16.6, Apple iOS up to version 16.6, Apple iPadOS up to version 16.6, Apple watchOS up to version 9.6, Apple macOS up to version 13.5, and Apple macOS Ventura up to version 13.5.
What is the severity of CVE-2023-38606?
The severity of CVE-2023-38606 is medium with a CVSS score of 5.5.
How can I fix the vulnerability?
To fix this vulnerability, update to the latest versions of macOS Monterey, iOS, iPadOS, tvOS, macOS Big Sur, macOS Ventura, and watchOS as mentioned in the references.
Where can I find more information about CVE-2023-38606?
You can find more information about CVE-2023-38606 in the provided references: [link1], [link2], [link3], [link4], [link5], [link6], [link7].
- zeroday/true
- agent/author
- agent/type
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-latest
- agent/remedy
- agent/weakness
- agent/title
- agent/severity
- agent/description
- agent/softwarecombine
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- collector/the-register
- source/The Register
- alias/CVE-2023-38606
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/apple
- canonical/apple ipados
- version/apple ipados/16.0
- canonical/apple iphone os
- version/apple iphone os/16.0
- canonical/apple macos
- version/apple macos/11.0
- version/apple macos/12.0.0
- version/apple macos/13.0
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple macos ventura
- canonical/apple macos big sur
- canonical/apple macos monterey
- canonical/apple ios
- canonical/apple multiple products