CVE-2023-41064

Vulnerability updated 5 months ago (2024-05-04T19:06:58.107Z)
CVE-2023-41064 is a software vulnerability, specifically a buffer overflow issue found in the iOS ImageIO component. This flaw was discovered and reported by researchers at Citizen Lab in early September. It was being actively exploited as part of an exploit chain, along with another vulnerability (CVE-2023-41061), to infect devices with NSO Group's Pegasus spyware. Both vulnerabilities were rapidly addressed by Apple, which issued two CVEs and advised all users to install new security patches. The exploitation of CVE-2023-41064 was consistent with NSO Group's BLASTPASS exploit, as confirmed by Amnesty International.

After the discovery, Apple promptly patched this vulnerability through a software update in September. Despite the severity of the vulnerability, Apple noted that it did not seem to affect devices that had its "Lockdown Mode" enabled. This mode restricts non-essential iOS features to reduce the device's overall attack surface and is designed for users who may be subject to targeted attacks.

Citizen Lab's quick identification and reporting of these zero-day flaws, coupled with Apple's rapid response and patch cycle, played a critical role in mitigating the potential damage. The incident underscores the importance of collaboration between cybersecurity researchers, organizations, and software developers in identifying and addressing security threats. The affected victims and their organizations also played a key role in this collaborative effort.
Description last updated: 2024-05-04T16:08:49.879Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apple
Exploit
Vulnerability
iOS
Spyware
Google
Associated Malware
Alias Description: The Pegasus Malware is associated with CVE-2023-41064. Pegasus is a sophisticated malware developed by the Israeli company, NSO Group. It is a zero-click espionage tool that can be deployed without user interaction, making it highly effective and intrusive. The spyware was used to target various individuals, including Russian journalist Galina Timchenko
Association Type: Unspecified
Votes: 2
Associated Vulnerabilities
Alias Description: The CVE-2023-41061 Vulnerability is associated with CVE-2023-41064. CVE-2023-41061 is a significant software vulnerability that was discovered in Apple's Wallet frameworks. This flaw allows for remote code execution, making it possible for malicious actors to execute arbitrary code on vulnerable devices through the manipulation of a "validation issue". The discovery
Association Type: Unspecified
Votes: 2
Source Document References
Information about the CVE-2023-41064 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source Link, CreatedAt
CERT-EU, 7 months ago
CERT-EU, 9 months ago
CERT-EU, 10 months ago
CERT-EU, 10 months ago
CERT-EU, 10 months ago
CERT-EU, a year ago
Securityaffairs, a year ago
CERT-EU, a year ago
Securityaffairs, a year ago
CERT-EU, a year ago
Securityaffairs, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
DARKReading, a year ago
Malwarebytes, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
Securityaffairs, a year ago
CERT-EU, a year ago
CERT-EU, a year ago