CVE-2023-41988: Infoleak

Reference Links

• https://support.apple.com/en-us/HT213982 (Advisory)
• https://support.apple.com/en-us/HT213984 (Advisory)
• https://support.apple.com/en-us/HT213988 (Advisory)
• https://support.apple.com/kb/HT213982
• https://support.apple.com/kb/HT213984
• https://support.apple.com/kb/HT213988
• http://seclists.org/fulldisclosure/2023/Oct/19
• http://seclists.org/fulldisclosure/2023/Oct/24
• http://seclists.org/fulldisclosure/2023/Oct/25

Parent vulnerabilities

(Appears in the following advisories)

• HT213988
• HT213982
• HT213984

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2023-42823
• CVE-2023-40413
• CVE-2023-42834
• CVE-2023-42953
• CVE-2023-42848
• CVE-2023-42849
• CVE-2023-42942
• CVE-2023-40408
• CVE-2023-42846
• CVE-2023-42839
• CVE-2023-42878
• CVE-2023-41982
• CVE-2023-41997
• CVE-2023-41988
• CVE-2023-42946
• CVE-2023-41254
• CVE-2023-40447
• CVE-2023-41976
• CVE-2023-42852
• CVE-2023-42952
• CVE-2023-41072
• CVE-2023-42857
• CVE-2023-40449
• CVE-2023-42928
• CVE-2023-40416
• CVE-2023-40423
• CVE-2023-40446
• CVE-2023-42847
• CVE-2023-42845
• CVE-2023-42841
• CVE-2023-42873
• CVE-2023-42951
• CVE-2023-42836
• CVE-2023-42855
• CVE-2023-40445
• CVE-2023-42843
• CVE-2023-42939
• CVE-2023-41983
• CVE-2023-30774
• CVE-2023-40444
• CVE-2023-42945
• CVE-2023-41989
• CVE-2023-42854
• CVE-2023-42844
• CVE-2023-38403
• CVE-2023-42850
• CVE-2023-42861
• CVE-2023-42935
• CVE-2023-40405
• CVE-2023-28826
• CVE-2023-42856
• CVE-2023-40404
• CVE-2023-42859
• CVE-2023-42877
• CVE-2023-42840
• CVE-2023-42853
• CVE-2023-42860
• CVE-2023-42889
• CVE-2023-42838
• CVE-2023-42835
• CVE-2023-41977
• CVE-2023-42438
• CVE-2023-36191
• CVE-2023-40421
• CVE-2023-42842
• CVE-2023-4733
• CVE-2023-4734
• CVE-2023-4735
• CVE-2023-4736
• CVE-2023-4738
• CVE-2023-4750
• CVE-2023-4751
• CVE-2023-4752
• CVE-2023-4781
• CVE-2023-41975
• CVE-2023-42858

Frequently Asked Questions

• What is the vulnerability ID for this issue?

  The vulnerability ID for this issue is CVE-2023-41988.

• What is the title of this vulnerability?

  The title of this vulnerability is 'Siri. This issue was addressed by restricting options offered on a locked device.'

• How was this issue addressed?

  This issue was addressed by restricting options offered on a locked device.

• Which software versions are affected by this vulnerability?

  The macOS Sonoma version up to 14.1, watchOS version up to 10.1, iOS version up to 17.1, and iPadOS version up to 17.1 are affected by this vulnerability.

• Is there a fix available for this vulnerability?

  Yes, this vulnerability is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1, and iPadOS 17.1.

• What can an attacker with physical access do?

  An attacker with physical access may be able to use Siri to access sensitive user data.

• Are there any resources for more information about this vulnerability?

  Yes, you can find more information about this vulnerability at the following references: [Link 1](https://support.apple.com/en-us/HT213984), [Link 2](https://support.apple.com/en-us/HT213988), [Link 3](https://support.apple.com/en-us/HT213982).