CVE-2023-42841: Buffer Overflow
First published: Wed Oct 25 2023(Updated: )
Pro Res. The issue was addressed with improved memory handling.
Credit: Mingxuan Yang @PPPF00L happybabywu Guang Gong 360 Vulnerability Research Institute product-security@apple.com Mingxuan Yang @PPPF00L 360 Vulnerability Research Institutehappybabywu 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research InstituteMingxuan Yang @PPPF00L 360 Vulnerability Research Institutehappybabywu 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research InstituteMingxuan Yang @PPPF00L 360 Vulnerability Research Institutehappybabywu 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research Institute
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Ventura | <13.6.1 | 13.6.1 |
| Apple iOS | <16.7.2 | 16.7.2 |
| Apple iPadOS | <16.7.2 | 16.7.2 |
| Apple iOS | <17.1 | 17.1 |
| Apple iPadOS | <17.1 | 17.1 |
| Apple macOS Sonoma | <14.1 | 14.1 |
| Apple iPadOS | <16.7.2 | |
| Apple iPadOS | >=17.0<17.1 | |
| Apple iPhone OS | <16.7.2 | |
| Apple iPhone OS | >=17.0<17.1 | |
| Apple macOS | >=13.0<13.6.1 | |
| Apple macOS | >=14.0<14.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213981 (Advisory)
- https://support.apple.com/en-us/HT213982 (Advisory)
- https://support.apple.com/en-us/HT213984 (Advisory)
- https://support.apple.com/en-us/HT213985 (Advisory)
- https://support.apple.com/kb/HT213982
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213985
- https://support.apple.com/kb/HT213981
- http://seclists.org/fulldisclosure/2023/Oct/23
- http://seclists.org/fulldisclosure/2023/Oct/19
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/26
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40449
- CVE-2023-42823
- CVE-2023-42854
- CVE-2023-40413
- CVE-2023-42844
- CVE-2023-41077
- CVE-2023-40416
- CVE-2023-42848
- CVE-2023-40423
- CVE-2023-38403
- CVE-2023-42849
- CVE-2023-40446
- CVE-2023-42942
- CVE-2023-42856
- CVE-2023-42859
- CVE-2023-42877
- CVE-2023-42840
- CVE-2023-42889
- CVE-2023-42853
- CVE-2023-42860
- CVE-2023-40401
- CVE-2023-42841
- CVE-2023-42873
- CVE-2023-36191
- CVE-2023-40421
- CVE-2023-41254
- CVE-2023-41975
- CVE-2023-42858
- CVE-2023-30774
- CVE-2023-40444
- CVE-2023-42952
- CVE-2023-42945
- CVE-2023-41072
- CVE-2023-42857
- CVE-2023-41989
- CVE-2023-42834
- CVE-2023-42953
- CVE-2023-42850
- CVE-2023-42861
- CVE-2023-42935
- CVE-2023-40408
- CVE-2023-40405
- CVE-2023-28826
- CVE-2023-40404
- CVE-2023-42847
- CVE-2023-42845
- CVE-2023-42838
- CVE-2023-42835
- CVE-2023-41977
- CVE-2023-42438
- CVE-2023-42836
- CVE-2023-42839
- CVE-2023-42878
- CVE-2023-41982
- CVE-2023-41997
- CVE-2023-41988
- CVE-2023-42946
- CVE-2023-42842
- CVE-2023-4733
- CVE-2023-4734
- CVE-2023-4735
- CVE-2023-4736
- CVE-2023-4738
- CVE-2023-4750
- CVE-2023-4751
- CVE-2023-4752
- CVE-2023-4781
- CVE-2023-40447
- CVE-2023-41976
- CVE-2023-42852
- CVE-2023-42843
- CVE-2023-41983
- CVE-2023-42846
- CVE-2023-32359
- CVE-2023-42928
- CVE-2023-42951
- CVE-2023-42855
- CVE-2023-40445
- CVE-2023-42939
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-42841.
What is the title of the vulnerability?
The title of the vulnerability is Pro Res. The issue was addressed with improved memory handling.
What is the description of the vulnerability?
The vulnerability allows an app to execute arbitrary code with kernel privileges and has been fixed in various Apple software versions.
Which Apple software versions are affected by this vulnerability?
The affected Apple software versions are macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2, and macOS Ventura 13.6.1.
How can I fix this vulnerability?
You can fix this vulnerability by updating to the following software versions: macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, and macOS Ventura 13.6.1.
- collector/mitre-cve
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/author
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/apple
- canonical/apple macos ventura
- canonical/apple macos sonoma
- canonical/apple ios
- canonical/apple ipados
- version/apple ipados/17.0
- canonical/apple iphone os
- version/apple iphone os/17.0
- canonical/apple macos
- version/apple macos/13.0
- version/apple macos/14.0