CVE-2023-40423: Buffer Overflow
First published: Wed Oct 25 2023(Updated: )
IOTextEncryptionFamily. The issue was addressed with improved memory handling.
Credit: an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <16.7.2 | 16.7.2 |
| Apple iPadOS | <16.7.2 | 16.7.2 |
| Apple iOS | <17.1 | 17.1 |
| Apple iPadOS | <17.1 | 17.1 |
| <12.7.1 | 12.7.1 | |
| Apple macOS Sonoma | <14.1 | 14.1 |
| Apple macOS Ventura | <13.6.1 | 13.6.1 |
| Apple iPadOS | <16.7.2 | |
| Apple iPadOS | >=17.0<17.1 | |
| Apple iPhone OS | <16.7.2 | |
| Apple iPhone OS | >=17.0<17.1 | |
| Apple macOS | >=12.0.0<12.7.1 | |
| Apple macOS | >=13.0<13.6.1 | |
| Apple macOS | >=14.0<14.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213981 (Advisory)
- https://support.apple.com/en-us/HT213982 (Advisory)
- https://support.apple.com/en-us/HT213983 (Advisory)
- https://support.apple.com/en-us/HT213984 (Advisory)
- https://support.apple.com/en-us/HT213985 (Advisory)
- https://support.apple.com/kb/HT213982
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213985
- https://support.apple.com/kb/HT213981
- https://support.apple.com/kb/HT213983
- http://seclists.org/fulldisclosure/2023/Oct/23
- http://seclists.org/fulldisclosure/2023/Oct/19
- http://seclists.org/fulldisclosure/2023/Oct/21
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/26
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-42952
- CVE-2023-40449
- CVE-2023-42823
- CVE-2023-42854
- CVE-2023-40413
- CVE-2023-42844
- CVE-2023-40446
- CVE-2023-40416
- CVE-2023-40423
- CVE-2023-42849
- CVE-2023-42856
- CVE-2023-42859
- CVE-2023-42877
- CVE-2023-42840
- CVE-2023-42889
- CVE-2023-42853
- CVE-2023-42860
- CVE-2023-42873
- CVE-2023-40425
- CVE-2023-36191
- CVE-2023-40421
- CVE-2023-41975
- CVE-2023-42858
- CVE-2023-41077
- CVE-2023-42848
- CVE-2023-38403
- CVE-2023-42942
- CVE-2023-40401
- CVE-2023-42841
- CVE-2023-41254
- CVE-2023-40408
- CVE-2023-42846
- CVE-2023-41977
- CVE-2023-41997
- CVE-2023-41982
- CVE-2023-32359
- CVE-2023-40447
- CVE-2023-42852
- CVE-2023-41976
- CVE-2023-42843
- CVE-2023-41983
- CVE-2023-41072
- CVE-2023-42857
- CVE-2023-42928
- CVE-2023-42834
- CVE-2023-42953
- CVE-2023-42847
- CVE-2023-42845
- CVE-2023-42951
- CVE-2023-42836
- CVE-2023-42839
- CVE-2023-42855
- CVE-2023-42878
- CVE-2023-41988
- CVE-2023-42946
- CVE-2023-40445
- CVE-2023-42939
- CVE-2023-30774
- CVE-2023-40444
- CVE-2023-42945
- CVE-2023-41989
- CVE-2023-42850
- CVE-2023-42861
- CVE-2023-42935
- CVE-2023-40405
- CVE-2023-28826
- CVE-2023-40404
- CVE-2023-42838
- CVE-2023-42835
- CVE-2023-42438
- CVE-2023-42842
- CVE-2023-4733
- CVE-2023-4734
- CVE-2023-4735
- CVE-2023-4736
- CVE-2023-4738
- CVE-2023-4750
- CVE-2023-4751
- CVE-2023-4752
- CVE-2023-4781
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-40423.
What is the title of the vulnerability?
The title of the vulnerability is IOTextEncryptionFamily.
What is the fix for the vulnerability?
The vulnerability is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1.
How can an app exploit this vulnerability?
An app may be able to execute arbitrary code with kernel privileges.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Apple support website: [https://support.apple.com/en-us/HT213981](https://support.apple.com/en-us/HT213981), [https://support.apple.com/en-us/HT213984](https://support.apple.com/en-us/HT213984), [https://support.apple.com/en-us/HT213985](https://support.apple.com/en-us/HT213985).
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- agent/event
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- vendor/apple
- canonical/apple macos monterey
- canonical/apple macos ventura
- canonical/apple ios
- canonical/apple ipados
- version/apple ipados/17.0
- canonical/apple iphone os
- version/apple iphone os/17.0
- canonical/apple macos
- version/apple macos/12.0.0
- version/apple macos/13.0
- version/apple macos/14.0
- canonical/apple macos sonoma