CVE-2023-42928 : The issue was addressed with improved bounds checks. This issue is fixed in iOS

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges.

Published 2024-02-21 07:15:51

Updated 2025-03-19 19:15:40

Source Apple Inc.

View at NVD, CVE.org

Products affected by CVE-2023-42928

Apple » Iphone Os
Versions before (<) 17.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Ipad Os
Versions before (<) 17.1
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.5	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-08-01
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-12-04
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Jump to