CVE-2023-41991

Vulnerability updated 7 months ago (2024-05-04T20:41:38.126Z)

Download STIX

Preview STIX

CVE-2023-41991 is a critical software vulnerability discovered within Apple's Security framework, as part of an exploit chain that included two additional vulnerabilities (CVE-2023-41992 and CVE-2023-41993) found in the WebKit browser engine and Apple's kernel framework. These flaws were reported by researchers from Citizen Lab and Google's Threat Analysis Group (TAG) and were exploited to install the Predator spyware on iOS versions up to 16.6.1. The vulnerabilities also affected devices running iOS 17 prior to version 17.0.1 and iPadOS 17 prior to version 17.0.1. The identified vulnerabilities were exploited between May and September 2023 in a series of targeted attacks against former Egyptian MP Ahmed Eltantawy, who had announced his intentions to run for the Egyptian presidential election in 2024. The attackers used decoy SMS and WhatsApp messages to lure their target and leveraged these vulnerabilities to bypass signature validation with malicious apps or gain arbitrary code execution via maliciously crafted webpages. The exploitation involved network-based injection tactics, redirecting Eltantawy to malicious websites when he visited non-HTTPS sites. In response to these findings, Apple has promptly released security updates to address these three zero-day vulnerabilities. The patches underscore Apple's commitment to cybersecurity and its swift action to mitigate threats posed by these vulnerabilities. It is crucial for all users to update their devices to the latest software version to protect against potential exploitation of these vulnerabilities.

Description last updated: 2024-05-04T16:14:45.988Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apple

Ios

Exploit

Zero Day

IpadOS

Webkit

Spyware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Predator Malware is associated with CVE-2023-41991. Predator is a highly invasive malware known for its extensive data-stealing and surveillance capabilities. The malicious software, developed by the Intellexa Consortium, a complex international network of decentralized companies, can infect systems through suspicious downloads, emails, or websites a	Unspecified	3
The Predator Spyware Malware is associated with CVE-2023-41991. Predator Spyware is a malicious software known for its extensive data-stealing and surveillance capabilities. It has been designed to exploit and damage devices, often infiltrating systems via suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2023-41992 Vulnerability is associated with CVE-2023-41991. CVE-2023-41992 is a significant vulnerability discovered in Apple's Kernel Framework, which provides APIs and support for kernel extensions and kernel resident device drivers. This flaw in software design or implementation allows local attackers to exploit it and escalate their privileges within the	Unspecified	4
The CVE-2023-41993 Vulnerability is associated with CVE-2023-41991. CVE-2023-41993 is a software vulnerability discovered in Apple's WebKit browser engine. This flaw, along with two others (CVE-2023-41991 and CVE-2023-41992), was identified as being exploited in attacks in the wild, prompting Apple to release emergency security updates. These vulnerabilities allowed	Unspecified	4

Source Document References

Information about the CVE-2023-41991 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	9 months ago	Apple Fixes Actively Exploited Zero-Days in iOS (CVE-2024-23225)
CERT-EU	10 months ago	Kaspersky releases utility to detect iOS spyware infections - Help Net Security
CERT-EU	a year ago	Apple emergency updates fix recent zero-days on older iPhones
CERT-EU	a year ago	CVE-2023-42916: Apple Zero-Days Exploited in the Wild
Securityaffairs	a year ago	Apple addressed 2 new iOS zero-day vulnerabilities
CERT-EU	a year ago	Recently patched Apple, Chrome zero-days exploited in spyware attacks
SANS ISC	a year ago	Apple Releases MacOS Sonoma Including Numerous Security Patches - SANS Internet Storm Center
CERT-EU	a year ago	Examining Predator Mercenary Spyware
Securityaffairs	a year ago	Apple releases iOS 16 update to fix CVE-2023-42824 on older devices
CERT-EU	a year ago	Apple fixes iOS Kernel zero-day vulnerability on older iPhones
CERT-EU	a year ago	Independently Confirming Amnesty Security Lab’s finding of Predator targeting of U.S. & other elected officials on Twitter/X - The Citizen Lab
Securityaffairs	a year ago	A WhatsApp zero-day exploit can cost several million dollars
CERT-EU	a year ago	Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw
Securityaffairs	a year ago	Apple fixed the 17th zero-day flaw exploited in attacks
InfoSecurity-magazine	a year ago	Predator Spyware Linked to Madagascar’s Government Ahead of Election
CERT-EU	a year ago	Apple ออกแพตซ์อัปเดตเร่งด่วน หลังพบช่องโหว่ Zero-Days ใหม่ 3 รายการ กำลังถูกใช้ในการโจมตี - Bangkok, Thailand \| i-secure Co, Ltd.
CERT-EU	a year ago	Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain
CERT-EU	a year ago	Active Exploitation of Zero-Day Vulnerabilities in Apple Products
CERT-EU	a year ago	3 New Apple Zero-day Vulnerabilities Patched in Emergency Update
CISA	a year ago	CISA Adds Three Known Exploited Vulnerabilities to Catalog \| CISA