Rewterz Threat Advisory – Multiple Apple watchOS Vulnerabilities
September 28, 2023Rewterz Threat Advisory – CVE-2023-40435 – Apple Xcode Vulnerability
September 28, 2023Rewterz Threat Advisory – Multiple Apple watchOS Vulnerabilities
September 28, 2023Rewterz Threat Advisory – CVE-2023-40435 – Apple Xcode Vulnerability
September 28, 2023Severity
High
Analysis Summary
CVE-2023-40443 CVSS:7.8
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Spotlight component. By using a specially crafted application, an attacker could exploit this vulnerability to gain root privileges on the system.
CVE-2023-40431 CVSS:7.8
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an issue in the GPU Drivers component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.
CVE-2023-40428 CVSS:5.5
Apple iOS 16.5 and iPadOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.
Impact
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-40443
- CVE-2023-40431
- CVE-2023-40428
Affected Vendors
Apple
Affected Products
- Apple iOS 16.4
- Apple iPadOS 16.4
Remediation
Refer to Apple security document for patch, upgrade or suggested workaround information.