CVE-2023-41061

Vulnerability updated 7 days ago (2024-11-29T14:21:26.466Z)
Download STIX
Preview STIX
CVE-2023-41061 is a significant software vulnerability that was discovered in Apple's Wallet frameworks. This flaw allows for remote code execution, making it possible for malicious actors to execute arbitrary code on vulnerable devices through the manipulation of a "validation issue". The discovery and subsequent exploitation of this vulnerability were part of a broader cybersecurity narrative involving several zero-day exploits. In September 2023, Citizen Lab disclosed the existence of CVE-2023-41061 along with other zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993). These vulnerabilities were exploited as part of a sophisticated zero-click exploit chain named BLASTPASS, which was used to infect fully patched iPhones with NSO Group's Pegasus spyware. Prior to this, Apple had released patches for another vulnerability (CVE-2023-41990) in January 2023 but only made details about its exploitation public on September 8, 2023, when it also shipped iOS 16.6.1 to resolve CVE-2023-41061 and CVE-2023-41064. Apple acted swiftly upon these disclosures, issuing emergency security updates to address the vulnerabilities. However, reports indicate that these vulnerabilities, including CVE-2023-41061, continued to be actively exploited. The unfolding situation underscored the complexity of maintaining robust cybersecurity measures, even within highly secure ecosystems like Apple's. It also highlighted the importance of continuous vigilance and rapid response to new threats in the ever-evolving landscape of cyber threats.
Description last updated: 2024-05-04T16:08:51.610Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apple
Exploit
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Pegasus Malware is associated with CVE-2023-41061. Pegasus is a highly controversial and sophisticated malware, developed by Israel's NSO Group, designed to covertly monitor and extract data from iOS and Android smartphones. Once installed, Pegasus can intercept messages, emails, media, and passwords, and track location data, all while evading detecUnspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-41064 Vulnerability is associated with CVE-2023-41061. CVE-2023-41064 is a software vulnerability, specifically a buffer overflow issue found in the iOS ImageIO component. This flaw was discovered and reported by researchers at Citizen Lab in early September. It was being actively exploited as part of an exploit chain, along with another vulnerability (Unspecified
2
Source Document References
Information about the CVE-2023-41061 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CISA
21 days ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago