First published: Mon Sep 18 2023(Updated: )
Airport. A permissions issue was addressed with improved redaction of sensitive information.
Credit: Mohamed GHANNAM @_simo36 Ye Zhang @VAR10CK Baidu Security product-security@apple.com Tim Michaud @TimGMichaud MoveworksMickey Jin @patch1t Wojciech Reguła @_r3ggi Kirin @Pwnrin Chris Ross (Zoom) Csaba Fitzl @theevilbit Offensive Securityzer0k Yiğit Can YILMAZ @yilmazcanyigit Koh M. Nakagawa @tsunek0h Adam M. Noah Roskin-Frazee Professor Jason Lau (ZeroClicks.ai Lab) Yishu Wang Will Brattain at Trail BitsCristian Dinca Computer ScienceRomania JeongOhKyea Theori이준성(Junsung Lee) Cross RepublicKirin @Pwnrin NorthSeaWojciech Regula SecuRingHalle Winkler Politepix @hallewinkler Sei K. Noah Roskin-Frazee Offensive SecurityPr Offensive Security Offensive SecurityAntonio Zekic @antoniozekic Dataflow SecurityRon Masas ImpervaMurray Mike Mikko Kenttälä ) @Turmio_ SensorFuCertik Skyfall Team Certik Skyfall Team Ant Security Light Ant Security Lightpattern-f @pattern_F_ Ant Security LightZweig Kunlun LabLinus Henze Pinauten GmbHPan ZhenPeng @Peterpan0927 STAR Labs SG PteMichael (Biscuit) Thomas 张师傅(@京东蓝军) Joseph Ravichandran @0xjprx MIT CSAILFerdous Saljooki @malwarezoo Jamf Softwarean anonymous researcher Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabDohyun Lee @l33d0hyun PK SecurityAdam M. SecuRing SecuRingAdam M. BreakPoint Security Research BreakPoint Security ResearchRon Masas BreakPoint Security ResearchMeng Zhang (鲸落) NorthSeaBrian McNulty Texts TextsKishan Bagaria TextsMichael DePlante @izobashi Trend Micro Zero Day InitiativeGergely Kalman @gergely_kalman baba yaga weize she Berke Kırbaş Harsh Jaiswal Serkan Erayabakan George Mason UniversityDavid Kotval George Mason UniversityAkincibor George Mason UniversitySina Ahmadi George Mason UniversityBilly Tabrizi Kirin @Pwnrin SecuRingTomi Tokics @tomitokics iTomsn0wLuan Herrera @lbherrera_ Adriatik Raci Sentry CybersecurityNarendra Bhati (twitter.com/imnarendrabhati) Suma Soft PvtPune (India) Noah Roskin-Frazee (ZeroClicks.ai Lab) James Duffy (mangoSecure) Ron Masas BreakPointJames Hutchins Thijs Alkemade @xnyhps Computest Sector 7Andrew Haggard Arsenii Kostromin (0x3c3e) Offensive SecurityJoshua Jewett @JoshJewett33 Offensive SecurityFrancisco Alonso @revskills PK Security PK SecurityFrancisco Alonso @revskills Jie Ding @Lime HKUS3 LabAjou University Abysslab Dong Jun Kim @smlijun Jong Seong Kim @nevul37 Bill Marczak The Citizen Lab at The University of Toronto's Munk SchoolMaddie Stone Google's Threat Analysis GroupClaire Houston Anonymous Dong Jun Kim @smlijun AbyssLab AbyssLabJong Seong Kim @nevul37 AbyssLabWang Yu CyberservalAn anonymous researcher MacEnhanceJeremy Legendre MacEnhanceFelix Kratz ABC Research s.r.o. w0wbox
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <14 | 14 |
Apple iOS, iPadOS, and watchOS | <17 | 17 |
Apple iOS, iPadOS, and watchOS | <17 | 17 |
Apple iOS, iPadOS, and watchOS | <17.0 | |
iStyle @cosme iPhone OS | <17.0 | |
Apple iOS and macOS | <14.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2023-42871 has a high severity rating due to multiple vulnerabilities that could lead to unauthorized access and data exposure.
To fix CVE-2023-42871, users should update their iOS, iPadOS, or macOS devices to the latest version released by Apple.
CVE-2023-42871 affects Apple iOS, iPadOS, and macOS versions up to specific release numbers.
CVE-2023-42871 includes a permissions issue, buffer overflow, and improved memory handling vulnerabilities.
Yes, CVE-2023-42871 falls under common security risks faced by users of Apple's operating systems.