Detections
Analytics

CVE-2023-41991

medium

Description

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

References

https://thehackernews.com/2025/12/intellexa-leaks-reveal-zero-days-and.html

https://www.bleepingcomputer.com/news/apple/apple-fixes-webkit-zero-day-exploited-in-extremely-sophisticated-attacks/

https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-exploited-in-extremely-sophisticated-attacks/

https://www.bleepingcomputer.com/news/security/apple-fixes-this-years-first-actively-exploited-zero-day-bug/

https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf

https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-3-new-zero-days-exploited-in-attacks/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991

https://support.apple.com/kb/HT213931

https://support.apple.com/kb/HT213927

https://support.apple.com/en-us/HT213931

https://support.apple.com/en-us/HT213927

Details

Source: Mitre, NVD

Published: 2023-09-21

Updated: 2025-11-05

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.07897