What is the severity of CVE-2023-42928?

CVE-2023-42928 has been assessed as a critical vulnerability due to its potential to allow an app to gain elevated privileges.

How do I fix CVE-2023-42928?

To mitigate CVE-2023-42928, update your device to iOS 17.1 or iPadOS 17.1.

What devices are affected by CVE-2023-42928?

CVE-2023-42928 affects devices running iOS versions prior to 17.1 and iPadOS versions prior to 17.1.

Is CVE-2023-42928 still a risk if my device is updated?

No, updating to iOS 17.1 or iPadOS 17.1 resolves the risk associated with CVE-2023-42928.

What type of vulnerability is CVE-2023-42928?

CVE-2023-42928 is a privilege escalation vulnerability due to inadequate bounds checking.

Vulnerability/
CVE-2023-42928

high

8.4

CWE

276

25/10/2023

21/2/2024

19/3/2025

CVE-2023-42928

First published: Wed Oct 25 2023(Updated: )

Automation. The issue was addressed with improved checks.

Credit: Peter Nguyễn Vũ Hoàng @peternguyen14 STAR Labs SG Pte product-security@apple.com Adam M. Csaba Fitzl @theevilbit Offensive SecurityMichael (Biscuit) Thomas - @social.lol @biscuit JZ an anonymous researcher Linus Henze Pinauten GmbHinooo Mickey Jin @patch1t Grzegorz Riegel Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncBistrit Dahal Mingxuan Yang @PPPF00L 360 Vulnerability Research Institutehappybabywu 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research Institute 360 Vulnerability Research InstituteAdis Alic Yiğit Can YILMAZ @yilmazcanyigit Sam Lakmaker Kirin @Pwnrin SecuRingWojciech Regula SecuRing Computer ScienceCristian Dinca Computer ScienceRomania CVE-2023-42946 Ting Ding James Mancz Omar Shibli Lorenzo Cavallaro Harry Lewandowski 이준성(Junsung Lee) Cross Republic이준성(Junsung Lee) Pedro Ribeiro @pedrib1337 Agile Information SecurityVitor Pedreira @0xvhp_ Agile Information SecurityKacper Kwapisz @KKKas_ Abhay Kailasia @abhay_kailasia Lakshmi Narain College Of Technology Bhopal IndiaZhipeng Huo @R3dF09 Tencent Security Xuanwu LabNoah Roskin-Frazee Pr Tomi Tokics @tomitokics iTomsn0wCVE-2023-42823

Affected Software	Affected Version	How to fix
iPadOS	<17.1
iPhone OS	<17.1
Apple iOS and iPadOS	<17.1	17.1
Apple iOS, iPadOS, and macOS	<17.1	17.1

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT213982 (Advisory)
https://support.apple.com/en-us/109052 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2023-42928?
CVE-2023-42928 has been assessed as a critical vulnerability due to its potential to allow an app to gain elevated privileges.
How do I fix CVE-2023-42928?
To mitigate CVE-2023-42928, update your device to iOS 17.1 or iPadOS 17.1.
What devices are affected by CVE-2023-42928?
CVE-2023-42928 affects devices running iOS versions prior to 17.1 and iPadOS versions prior to 17.1.
Is CVE-2023-42928 still a risk if my device is updated?
No, updating to iOS 17.1 or iPadOS 17.1 resolves the risk associated with CVE-2023-42928.
What type of vulnerability is CVE-2023-42928?
CVE-2023-42928 is a privilege escalation vulnerability due to inadequate bounds checking.

agent/first-publish-date
agent/type
agent/event
agent/severity
agent/trending
agent/source
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/apple-support
source/Apple
alias/CVE-2023-41072
alias/CVE-2023-42857
alias/CVE-2023-40449
alias/CVE-2023-42823
alias/CVE-2023-42928
alias/CVE-2023-40413
alias/CVE-2023-42834
alias/CVE-2023-42953
alias/CVE-2023-40416
alias/CVE-2023-42848
alias/CVE-2023-40423
alias/CVE-2023-42849
alias/CVE-2023-40446
alias/CVE-2023-42942
alias/CVE-2023-40408
alias/CVE-2023-42846
alias/CVE-2023-42847
alias/CVE-2023-42845
alias/CVE-2023-42841
alias/CVE-2023-42873
alias/CVE-2023-42951
alias/CVE-2023-42836
alias/CVE-2023-42839
alias/CVE-2023-42855
alias/CVE-2023-42878
alias/CVE-2023-41982
alias/CVE-2023-41997
alias/CVE-2023-41988
alias/CVE-2023-42946
alias/CVE-2023-40445
alias/CVE-2023-41254
alias/CVE-2023-40447
alias/CVE-2023-41976
alias/CVE-2023-42852
alias/CVE-2023-42843
alias/CVE-2023-42939
alias/CVE-2023-41983
vendor/apple
canonical/ipados
canonical/iphone os
canonical/apple ios and ipados
canonical/apple ios, ipados, and macos