What is CVE-2023-41990?

A high-severity code execution vulnerability exists across multiple Apple products, including iOS, macOS, and watchOS. Immediate patching is necessary to mitigate risks associated with this vulnerability.

What is the severity of CVE-2023-41990?

CVE-2023-41990 has a severity rating of HIGH with a CVSS base score of 7.8.

Is CVE-2023-41990 in CISA KEV?

Yes. CVE-2023-41990 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2023-41990 | High Vulnerability in Apple Multiple Products

CVE-2023-41990 is a high-severity vulnerability affecting several Apple products, including iOS, iPadOS, macOS, tvOS, and watchOS. This vulnerability allows for arbitrary code execution when processing a font file, which can be exploited due to improper handling of caches. Apple has confirmed that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. Organizations utilizing affected products must prioritize patching to mitigate potential exploitation.

The CVSS score for this vulnerability is 7.8, indicating a high severity level. This score suggests significant risks to confidentiality, integrity, and availability, emphasizing the need for immediate action from organizations that have not yet applied the necessary updates.

Apple has released updates to address this vulnerability in versions tvOS 16.3, iOS 16.3, iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8, iPadOS 15.7.8, macOS Ventura 13.2, and watchOS 9.3. Organizations should prioritize patching immediately.

In light of the potential risks, organizations are advised to validate their systems against this vulnerability and ensure that all affected products are updated accordingly.

Vulnerability Details

The issue was addressed with improved handling of caches. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. The vulnerability has a CVSS score of 7.8, categorized as high severity due to its ability to impact confidentiality, integrity, and availability.

Technical Analysis

The root cause of this vulnerability stems from improper handling of font files, which can allow attackers to execute arbitrary code. The vulnerability can be exploited locally, requiring user interaction, as the user must open a maliciously crafted font file. The attack complexity is low, making it easier for attackers to exploit this vulnerability.

The impact on confidentiality, integrity, and availability is significant, as successful exploitation could lead to unauthorized access to sensitive information, modification of critical data, or disruption of services.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive data and system integrity compromise. The vulnerability's blast radius can affect multiple products within the Apple ecosystem, elevating the urgency for organizations to address this flaw.

Given the CVSS score of 7.8 and confirmed reports of active exploitation, organizations should address this vulnerability immediately to prevent possible attacks.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The following Apple products are affected: iPadOS (versions prior to 15.7.8 and 16.0 to 16.3), iPhone OS (versions prior to 15.7.8 and 16.0 to 16.3), macOS (versions prior to 11.7.9 and 12.0.0 to 12.6.8, and 13.0 to 13.2), tvOS (versions prior to 16.3), and watchOS (versions prior to 9.3). Organizations should ensure all systems are upgraded to the latest versions.

Mitigation & Remediation

Organizations should apply the relevant patches as indicated by Apple. The updates are available for the following versions: tvOS 16.3, iOS 16.3, iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8, iPadOS 15.7.8, macOS Ventura 13.2, and watchOS 9.3. If immediate patching is not possible, consider implementing configuration hardening and network controls to limit the risk of exploitation.

Detection Guidance

Monitor for unusual behavior in applications that process font files. Log indicators of failed attempts to open font files and check for any anomalies in application behavior that may indicate exploitation attempts.

AppSecure Threat Intelligence Insight

This vulnerability represents a broader trend of code execution vulnerabilities in popular operating systems. Organizations should focus on continuous security testing to identify and remediate such vulnerabilities before they can be exploited. The deployment of a robust vulnerability management program is essential to minimize exposure to risks associated with software vulnerabilities.

For organizations looking to improve their security posture, consider engaging in penetration testing and adopting a proactive approach to vulnerability management.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-41990: High Vulnerability in Apple Multiple Products