- Description
- The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
- Source
- product-security@apple.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Apple Multiple Products Code Execution Vulnerability
- Exploit added on
- Jan 8, 2024
- Exploit action due
- Jan 29, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
It never fails to amaze me how frequently ex-MWR researchers are referenced during conference talks 😍 Got to love seeing @alexjplaskett's name come up during @FuzzyAleks's talk into "Triangulating TrueType Fonts On macOS: Reconstructing CVE-2023-41990".
@_calumhall
6 Dec 2024
1389 Impressions
1 Retweet
23 Likes
2 Bookmarks
0 Replies
1 Quote
📜 Starting Day 2 Talks of #OBTS with a dive into the unexpected: “Triangulating TrueType Fonts On macOS: Reconstructing CVE-2023-41990” by Aleksandar Nikolic (@FuzzyAleks). Who knew a simple PDF and the Fonts could be transformed into a digital weapon? In this talk, Aleksandar…
@Mu55sy
6 Dec 2024
2915 Impressions
1 Retweet
7 Likes
2 Bookmarks
0 Replies
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E276423-4032-4E12-AB11-88F7047E35EA",
"versionEndExcluding": "15.7.8"
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84A6CE41-699B-4511-8B52-625F271CA9FE",
"versionEndExcluding": "16.3",
"versionStartIncluding": "16.0"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8635FA0F-1876-4E3A-B02D-31AEA459C38E",
"versionEndExcluding": "15.7.8"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08EA5BA7-5C1B-43E5-8988-22C33DAAE754",
"versionEndExcluding": "16.3",
"versionStartIncluding": "16.0"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32C6C615-0E8E-458B-88C6-A8BF29D3DB69",
"versionEndExcluding": "11.7.9"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A47C992E-C336-403A-A534-E1A33C7338DE",
"versionEndExcluding": "12.6.8",
"versionStartIncluding": "12.0.0"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CEC72CB-1F5B-4BF5-80F0-357E27855D2A",
"versionEndExcluding": "13.2",
"versionStartIncluding": "13.0"
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51F6EA1D-B654-455F-AB85-2E3C486F0C81",
"versionEndExcluding": "16.3"
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "870BF5F9-6408-4EB6-8821-1881E66B003B",
"versionEndExcluding": "9.3"
}
],
"operator": "OR"
}
]
}
]