CVE-2023-41232: Input Validation
Published Sep 18, 2023
·Updated
Accessibility. This issue was addressed with improved redaction of sensitive information.
Credit
Liang Wei(PixiePoint Security), Mohamed GHANNAM@@_simo36, Ye Zhang@@VAR10CK(Baidu Security), Tim Michaud@@TimGMichaud(Moveworks), Chris Ross (Zoom), JeongOhKyea(Theori), 이준성(Junsung Lee)(Cross Republic), Mickey Jin@@patch1t, Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), Linus Henze(Pinauten GmbH), Bill Marczak(The Citizen Lab at The University of Toronto's Munk School), Maddie Stone(Google's Threat Analysis Group), Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Dohyun Lee@@l33d0hyun(PK Security), Adam M.(SecuRing), (SecuRing), Wojciech Regula(SecuRing), Certik Skyfall Team, Yiğit Can YILMAZ@@yilmazcanyigit, Kirin@@Pwnrin, James Hutchins, pattern-f@@pattern_F_(Ant Security Light), Wojciech Reguła@@_r3ggi, Csaba Fitzl@@theevilbit(Offensive Security), zer0k, Adam M., Noah Roskin-Frazee, Professor Jason Lau (ZeroClicks.ai Lab), Will Brattain at Trail(Bits), Kirin@@Pwnrin(NorthSea), Zhice Yang (ShanghaiTech University), Antonio Zekic@@antoniozekic(Dataflow Security), Ron Masas(Imperva), Mikko Kenttälä )@@Turmio_(SensorFu), Certik Skyfall Team(Ant Security Light), Zweig(Kunlun Lab), Félix Poulin-Bélanger, Michael (Biscuit) Thomas, 张师傅(@京东蓝军), Joseph Ravichandran@@0xjprx(MIT CSAIL), Sei K., Adam M.(BreakPoint Security Research), (BreakPoint Security Research), Ron Masas(BreakPoint Security Research), Gergely Kalman@@gergely_kalman, weize she, an anonymous researcher, Berke Kırbaş, Harsh Jaiswal, Tomi Tokics@@tomitokics(iTomsn0w), Adriatik Raci(Sentry Cybersecurity), Narendra Bhati (twitter.com/imnarendrabhati)(Suma Soft Pvt), Pune (India), Kenneth Chew, Arsenii Kostromin (0x3c3e), Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College Of Technology Bhopal), Brian McNulty(Offensive Security), Arsenii Kostromin (0x3c3e)(Offensive Security), Joshua Jewett@@JoshJewett33(Offensive Security), (Offensive Security), Francisco Alonso@@revskills(PK Security), (PK Security), Francisco Alonso@@revskills, Jie Ding@@Lime(HKUS3 Lab), Dong Jun Kim@@smlijun(AbyssLab), Jong Seong Kim@@nevul37(AbyssLab), zhunki, 이준성(Junsung Lee), Claire Houston, Anonymous, Wang Yu(Cyberserval), w0wbox
Affected Software
10 affected componentsFixes available
macOS<12.7
12.7
macOS Ventura<13.6
13.6
Apple iOS and iPadOS<17
17
Apple iOS, iPadOS, and macOS<17
17
Apple iOS and iPadOS<16.7
16.7
Apple iOS, iPadOS, and macOS<16.7
16.7
Apple iOS, iPadOS, and macOS<16.7
iPhone OS<16.7
macOS>=12.0.0<12.7
macOS>=13.0<13.6
Event History
Sep 18, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Sep 21, 2023
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Sep 26, 2023
CVE Published
via MITRE·08:14 PM
Data Sourced
via MITRE·08:14 PM
DescriptionWeakness
Sep 27, 2023
Data Sourced
via NVD·03:19 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is CVE-2023-41232?
CVE-2023-41232 is a vulnerability related to Biometric Authentication in Apple iOS and iPadOS that allowed for an out-of-bounds read, which has been addressed with improved bounds checking.
2
How severe is CVE-2023-41232?
CVE-2023-41232 severity is not specified in the information provided.
3
Which software versions are affected by CVE-2023-41232?
CVE-2023-41232 affects Apple iOS up to, but not including, version 17, and Apple iPadOS up to, but not including, version 17.
4
How can I fix CVE-2023-41232?
To fix CVE-2023-41232, it is recommended to update your Apple iOS or iPadOS device to version 17 or above, as the vulnerability has been addressed in those versions.
5
Where can I find more information about CVE-2023-41232?
You can find more information about CVE-2023-41232 in the reference provided by Apple: https://support.apple.com/en-us/HT213938