What is the severity of CVE-2023-42855?

CVE-2023-42855 is considered a moderate vulnerability that allows an attacker with physical access to potentially persist an Apple ID on an erased device.

How do I fix CVE-2023-42855?

To fix CVE-2023-42855, update your device to iOS 17.1 or iPadOS 17.1.

Who is affected by CVE-2023-42855?

CVE-2023-42855 affects users of Apple devices running iOS and iPadOS versions prior to 17.1.

What does CVE-2023-42855 exploit?

CVE-2023-42855 exploits issues with state management in the Setup Assistant on Apple devices.

Is there a workaround for CVE-2023-42855?

There is no known workaround for CVE-2023-42855 aside from upgrading to the latest software version.

Vulnerability/
CVE-2023-42855

medium

4.6

25/10/2023

21/2/2024

3/12/2024

CVE-2023-42855

First published: Wed Oct 25 2023(Updated: )

Automation. The issue was addressed with improved checks.

Credit: Sam Lakmaker product-security@apple.com an anonymous researcher Linus Henze Pinauten GmbHinooo Mickey Jin @patch1t Grzegorz Riegel Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncBistrit Dahal Mingxuan Yang @PPPF00L 360 Vulnerability Research Institutehappybabywu 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research Institute 360 Vulnerability Research InstituteAdis Alic Yiğit Can YILMAZ @yilmazcanyigit Kirin @Pwnrin SecuRingWojciech Regula SecuRing Computer ScienceCristian Dinca Computer ScienceRomania CVE-2023-42946 Ting Ding James Mancz Omar Shibli Lorenzo Cavallaro Harry Lewandowski 이준성(Junsung Lee) Cross Republic이준성(Junsung Lee) Pedro Ribeiro @pedrib1337 Agile Information SecurityVitor Pedreira @0xvhp_ Agile Information SecurityKacper Kwapisz @KKKas_ Abhay Kailasia @abhay_kailasia Lakshmi Narain College Of Technology Bhopal IndiaJZ Csaba Fitzl @theevilbit Offensive SecurityMichael (Biscuit) Thomas - @social.lol @biscuit Peter Nguyễn Vũ Hoàng @peternguyen14 STAR Labs SG PteAdam M. Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabNoah Roskin-Frazee Pr Tomi Tokics @tomitokics iTomsn0wCVE-2023-42823

Affected Software	Affected Version	How to fix
iPadOS	<17.1
iPhone OS	<17.1
Apple iOS and iPadOS	<17.1	17.1
Apple iOS, iPadOS, and macOS	<17.1	17.1

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT213982 (Advisory)
https://support.apple.com/kb/HT213982
https://support.apple.com/en-us/109052 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2023-42855?
CVE-2023-42855 is considered a moderate vulnerability that allows an attacker with physical access to potentially persist an Apple ID on an erased device.
How do I fix CVE-2023-42855?
To fix CVE-2023-42855, update your device to iOS 17.1 or iPadOS 17.1.
Who is affected by CVE-2023-42855?
CVE-2023-42855 affects users of Apple devices running iOS and iPadOS versions prior to 17.1.
What does CVE-2023-42855 exploit?
CVE-2023-42855 exploits issues with state management in the Setup Assistant on Apple devices.
Is there a workaround for CVE-2023-42855?
There is no known workaround for CVE-2023-42855 aside from upgrading to the latest software version.

agent/first-publish-date
agent/type
collector/mitre-cve
source/MITRE
agent/event
agent/severity
agent/last-modified-date
agent/trending
agent/source
agent/references
agent/author
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/apple-support
source/Apple
alias/CVE-2023-42878
alias/CVE-2023-41982
alias/CVE-2023-41997
alias/CVE-2023-41988
alias/CVE-2023-42946
alias/CVE-2023-40445
alias/CVE-2023-41254
alias/CVE-2023-40447
alias/CVE-2023-41976
alias/CVE-2023-42852
alias/CVE-2023-42843
alias/CVE-2023-42939
alias/CVE-2023-41983
alias/CVE-2023-42845
alias/CVE-2023-42841
alias/CVE-2023-42873
alias/CVE-2023-42951
alias/CVE-2023-42836
alias/CVE-2023-42839
alias/CVE-2023-42855
alias/CVE-2023-41072
alias/CVE-2023-42857
alias/CVE-2023-40449
alias/CVE-2023-42823
alias/CVE-2023-42928
alias/CVE-2023-40413
alias/CVE-2023-42834
alias/CVE-2023-42953
alias/CVE-2023-40416
alias/CVE-2023-42848
alias/CVE-2023-40423
alias/CVE-2023-42849
alias/CVE-2023-40446
alias/CVE-2023-42942
alias/CVE-2023-40408
alias/CVE-2023-42846
alias/CVE-2023-42847
vendor/apple
canonical/ipados
canonical/iphone os
canonical/apple ios and ipados
canonical/apple ios, ipados, and macos