CVE-2023-41990
ENISA EUVD: EUVD-2023-46449 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
3 articles
Published: 2023-09-11
EPSS Score
Source: FIRST.org · 2026-05-23
2.69%
probability
This CVE has a 2.69% probability
of being exploited in the next 30 days.
0%
Top 86.0th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
VulnerabilityLookup (CNA)The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Affected Products
Apple
iOS and iPadOS
unspecified
Apple
tvOS
unspecified
Apple
iOS and iPadOS
unspecified
Apple
macOS
unspecified
Apple
macOS
unspecified
Google Project Zero
Patched
July 24, 2023
Reported by
Apple, Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky
Root Cause Analysis
???
Signal Intelligence
Confidence
92%
EPSS
2.69%
CVSS v3.1
7.8
Mentions
3
Last Seen
Jan 01, 2024
CNA Information
CNA Assigner
apple
Analyst Note
CVE-2023-41990 is a confirmed zero-day in Apple's font handling with active exploitation reported against iOS versions prior to 16.3, as acknowledged by Apple itself. The vulnerability carries a HIGH CVSS score (7.8), achieved arbitrary code execution capability, and was documented by Google Project Zero, providing strong technical validation.
Threat Actors 1
Kimsuky
apt_group
Information theft and espionage
🇰🇷 KR
Triage Info
Decided atMar 03, 2026
Published DateSep 11, 2023