CVE-2023-41991

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-41991

CWE

https://cwe.mitre.org/data/definitions/295.html

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	16.7 (excluding)
Ipados	Apple	17.0 (including)	17.0 (including)
Iphone_os	Apple	*	16.7 (excluding)
Iphone_os	Apple	17.0 (including)	17.0 (including)
Macos	Apple	13.0 (including)	13.6 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/459.html
https://cwe.mitre.org/data/definitions/475.html

References

https://support.apple.com/en-us/HT213927
https://support.apple.com/en-us/HT213931

Improper Certificate Validation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References