CVE-2023-41988

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Oct 25, 2023
Updated: Nov 2, 2023

Summary

CVE-2023-41988 is a vulnerability affecting Apple devices that allowed an attacker with physical access to access sensitive user data through Siri on a locked device. This issue has been resolved in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1, and iPadOS 17.1 by restricting certain options on a locked device. Prior to the patch, an attacker could potentially bypass the lock screen and gain access to personal information using Siri commands. This vulnerability highlights the importance of keeping software up-to-date to protect against potential security threats.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Apple Watch
  • WatchOS
  • Apple (iPhone OS)
  • MacOS
  • iPadOS

Affected Vendors

  • Apple