CVE-2023-28206

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 26 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

24.12%

probability

This CVE has a 24.12% probability of being exploited in the next 30 days.

0% Top 96.1th percentile of all CVEs 100%

CVSS v3.1

Source: NVD

8.6

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

NVD

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Affected Products

apple

ipados

apple

iphone os

apple

macos

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Google Project Zero

Patched

April 7, 2023

Reported by

Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

Root Cause Analysis

???

https://support.apple.com/en-us/HT213720

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213721

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213723

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213724

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213725

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213720

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213721

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213723

Release Notes Vendor Advisory

Signal Intelligence

Confidenceⓘ

95%

EPSS 24.12%

CVSS v3.1 8.6

Mentions 26

Last Seen Mar 11, 2025

CNA Information

Analyst Note

CVE-2023-28206 is confirmed as actively exploited in-the-wild with high severity (CVSS 8.6), enabling arbitrary code execution with kernel privileges. Apple officially acknowledged active exploitation and deployed patches across multiple OS versions, with corroboration from Google Project Zero and extensive media coverage of the sophisticated attack campaign.

Triage Info

Decided atMar 03, 2026