CVE-2023-41991 — Apple Multiple Products Improper Certificate Validation Vulnerability

2023-09-25 • CISA Known Exploited Vulnerability

[event] Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.

> AFFECTED SOFTWARE

Field	Value
Vendor	Apple
Product	Multiple Products
CWE	CWE-295
CVE ID	CVE-2023-41991
Date Added	2023-09-25
Due Date	2023-10-16
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2023-10-16

> REFERENCES

[1] https://support.apple.com/en-us/HT213926,
[2] https://support.apple.com/en-us/HT213927,
[3] https://support.apple.com/en-us/HT213928,
[4] https://support.apple.com/en-us/HT213929,
[5] https://support.apple.com/en-us/HT213931
[6] https://nvd.nist.gov/vuln/detail/CVE-2023-41991