CVE-2023-41991
A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
| Software | From | Fixed in |
|---|---|---|
| apple / macos | 13.0 | 13.6 |
| apple / iphone_os | - | 16.7 |
| apple / ipados | - | 16.7 |
| apple / iphone_os | 17.0 | 17.0.x |
| apple / ipados | 17.0 | 17.0.x |
- http://seclists.org/fulldisclosure/2023/Oct/4
- http://seclists.org/fulldisclosure/2023/Oct/5
- http://seclists.org/fulldisclosure/2023/Sep/14
- http://seclists.org/fulldisclosure/2023/Sep/15
- http://seclists.org/fulldisclosure/2023/Sep/16
- http://seclists.org/fulldisclosure/2023/Sep/17
- http://seclists.org/fulldisclosure/2023/Sep/19
- https://support.apple.com/en-us/HT213926
- https://support.apple.com/en-us/HT213927
- https://support.apple.com/en-us/HT213928
- https://support.apple.com/en-us/HT213929
- https://support.apple.com/en-us/HT213931
- https://support.apple.com/kb/HT213926
- https://support.apple.com/kb/HT213927
- https://support.apple.com/kb/HT213931
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime