CVE-2023-41993

Vulnerability updated a month ago (2024-11-29T14:33:07.905Z)
Download STIX
Preview STIX
CVE-2023-41993 is a software vulnerability discovered in Apple's WebKit browser engine. This flaw, along with two others (CVE-2023-41991 and CVE-2023-41992), was identified as being exploited in attacks in the wild, prompting Apple to release emergency security updates. These vulnerabilities allowed attackers to bypass signature validation using malicious apps or gain arbitrary code execution through maliciously crafted webpages. In mid-September, researchers from Citizen Lab and Google’s Threat Analysis Group (TAG) revealed that these three zero-day vulnerabilities were used as part of an exploit chain to install Cytrox Predator spyware. The spyware targeted iPhone and Mac users, marking a significant threat to Apple's user base. The discovery led to an immediate response from Apple, which has now fixed a total of 16 zero-days this year. Apple's prompt action underscores the severity of the situation and the potential damage these vulnerabilities could have caused if left unaddressed. Users are strongly advised to update their devices to the latest versions to benefit from these security patches. Additionally, ongoing vigilance and adherence to safe online practices are recommended to mitigate the risk of future exploits.
Description last updated: 2024-05-04T16:14:57.106Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apple
Exploit
IpadOS
Spyware
Zero Day
Ios
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Predator Malware is associated with CVE-2023-41993. Predator is a highly invasive malware known for its extensive data-stealing and surveillance capabilities. The malicious software, developed by the Intellexa Consortium, a complex international network of decentralized companies, can infect systems through suspicious downloads, emails, or websites aUnspecified
3
The Predator Spyware Malware is associated with CVE-2023-41993. Predator Spyware is a malicious software known for its extensive data-stealing and surveillance capabilities. It has been designed to exploit and damage devices, often infiltrating systems via suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal Unspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-41991 Vulnerability is associated with CVE-2023-41993. CVE-2023-41991 is a critical software vulnerability discovered within Apple's Security framework, as part of an exploit chain that included two additional vulnerabilities (CVE-2023-41992 and CVE-2023-41993) found in the WebKit browser engine and Apple's kernel framework. These flaws were reported byUnspecified
4
The CVE-2023-41992 Vulnerability is associated with CVE-2023-41993. CVE-2023-41992 is a significant vulnerability discovered in Apple's Kernel Framework, which provides APIs and support for kernel extensions and kernel resident device drivers. This flaw in software design or implementation allows local attackers to exploit it and escalate their privileges within theUnspecified
2
Source Document References
Information about the CVE-2023-41993 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
DARKReading
4 months ago
InfoSecurity-magazine
4 months ago
Securityaffairs
4 months ago
CERT-EU
10 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
SANS ISC
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago