[CDP-development] TLP:GREEN (Vulnerability Alert Notification) - CVE-2023-41990: Apple Multiple Products Code Execution Vulnerability

CSS Security Operations Services * DAS css-soc-services at das.oregon.gov
Mon Jan 8 12:16:22 PST 2024 

Good afternoon,

The SOC Services team is reporting on the vulnerability: CVE-2023-41990: Apple Multiple Products Code Execution Vulnerability. Due to its high visibility and knowledge of the software installed in the state environment, we are providing this in-depth information:

History: On January 8, 2024, CISA added CVE-2023-41990 to the Known Exploited Vulnerabilities Catalog. CVE-2023-41990 is an vulnerability that exists in the FontParser for multiple Apple products with a CVSS score of 7.8.

Affected Products:

  *   Apple Watch Series 4 and later
  *   Apple TV 4K (all models) & Apple TV HD
  *   iPhone 8 and later, iPad Pro (All models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
  *   iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
  *   macOS Ventura
  *   macOS Monterey
  *   macOS Big Sur
  *   Possibly exploited on iOS before 15.7.1

Fixed versions:

  *   watchOS 9.3
  *   tvOS 16.3
  *   macOS Ventura 13.2
  *   iOS 15.7.8 and iPadOS 15.7.8
  *   iOS 16.3 and iPadOS 16.3
  *   macOS Monterey 12.6.8
  *   macOS Big Sur 11.7.9

Security notifications from Apple can be found below.
https://support.apple.com/en-us/HT213599
https://support.apple.com/en-us/HT213601
https://support.apple.com/en-us/HT213605
https://support.apple.com/en-us/HT213606
https://support.apple.com/en-us/HT213842
https://support.apple.com/en-us/HT213844
https://support.apple.com/en-us/HT213845

Intelligence: As of January 8, 2024, the vulnerability has been confirmed as being exploited in the wild.

Workarounds: There are no workarounds for this vulnerability.

How it works: Apple has provided limited detail as to how the vulnerability works, only stating that the vulnerability is related to processing font files.

Post-Exploit: Upon successful exploitation of the vulnerability, a threat actor could execute arbitrary code.

As of January 8, 2024, Tenable has not released any plugins for the vulnerability and has no plugins in the pipeline.
Additional Resources: The InTune team has provide the attached documents, which can be tailored to your needs. They provide answers to frequently asked questions about iOS updates from the perspective of both technicians and users, as well as the update process.

Recommended Actions:


  *   Ensure mobile devices are charged to 50% and are plugged into a charger.
  *   Verify host has not been compromised before applying patches.
  *   Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
  *   Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services.


[cid:image001.png at 01DA4226.7B14EB90]
Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378
"Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians."


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20240108/4904db57/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 21907 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20240108/4904db57/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Apple_OS_Updates_Process.pdf
Type: application/pdf
Size: 280576 bytes
Desc: Apple_OS_Updates_Process.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20240108/4904db57/attachment-0003.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iOS Updates_FAQ_Tech.pdf
Type: application/pdf
Size: 198174 bytes
Desc: iOS Updates_FAQ_Tech.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20240108/4904db57/attachment-0004.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iOS Updates_FAQ_User.pdf
Type: application/pdf
Size: 189456 bytes
Desc: iOS Updates_FAQ_User.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20240108/4904db57/attachment-0005.pdf>

More information about the CDP-development mailing list