CVE-2023-41990 — Apple Multiple Products Code Execution Vulnerability
2024-01-08 • CISA Known Exploited Vulnerability
[event] Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Apple |
| Product | Multiple Products |
| CVE ID | CVE-2023-41990 |
| Date Added | 2024-01-08 |
| Due Date | 2024-01-29 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date: 2024-01-29
> REFERENCES
- [1] https://support.apple.com/en-us/HT213599,
- [2] https://support.apple.com/en-us/HT213601,
- [3] https://support.apple.com/en-us/HT213605,
- [4] https://support.apple.com/en-us/HT213606,
- [5] https://support.apple.com/en-us/HT213842,
- [6] https://support.apple.com/en-us/HT213844,
- [7] https://support.apple.com/en-us/HT213845
- [8] https://nvd.nist.gov/vuln/detail/CVE-2023-41990