CVE-2023-41991

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: Feb. 18, 2026 17 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

3.9%

probability

This CVE has a 3.9% probability of being exploited in the next 30 days.

0% Top 88.4th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Singature validation bypass

Attack Intelligence

CWE-284 · Improper Access Control CWE-287 · Improper Authentication CWE-295 · Improper Certificate Validation

Google Project Zero

Discovered

Sept. 12, 2023

Patched

Sept. 21, 2023

Reported by

Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Root Cause Analysis

???

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

TheHackerNews

Apple fixes zero-day exploited in 'extremely sophisticated' attacks

BleepingComputer Feb 10, 2025

Apple fixes this year’s first actively exploited zero-day bug

BleepingComputer Jan 27, 2025

Apple fixes iOS Kernel zero-day vulnerability on older iPhones

BleepingComputer Oct 12, 2023

Apple emergency update fixes new zero-day used to hack iPhones

BleepingComputer Oct 04, 2023

Apple fixes two zero-days used in attacks on Intel-based Macs

BleepingComputer Nov 19, 2024

Apple emergency updates fix 3 new zero-days exploited in attacks

BleepingComputer Sep 21, 2023

Apple fixes two new iOS zero-days exploited in attacks on iPhones

BleepingComputer Mar 05, 2024

Apple fixes first zero-day bug exploited in attacks this year

BleepingComputer Jan 22, 2024

Apple emergency updates fix recent zero-days on older iPhones

BleepingComputer Dec 11, 2023

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

TheHackerNews

Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks

BleepingComputer Mar 11, 2025

Apple fixes two new iOS zero-days in emergency updates

BleepingComputer Nov 30, 2023

Recently patched Apple, Chrome zero-days exploited in spyware attacks

BleepingComputer Sep 22, 2023

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

TheHackerNews

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

TheHackerNews

Security Advisory 2023-069

CERT-EU Oct 06, 2023

Signal Intelligence

Confidenceⓘ

92%

EPSS 3.9%

Mentions 17

Last Seen Mar 11, 2025

CNA Information

Analyst Note

CVE-2023-41991 is confirmed as an actively exploited zero-day in iOS/iPadOS with evidence of real-world attacks characterized as 'extremely sophisticated.' Apple's official acknowledgment of active exploitation prior to the fix, combined with multiple credible reporting sources and Google Project Zero involvement, strongly validates the confirmed status.

Threat Actors 6

APT 28

apt_group Information theft and espionage 🇷🇺 RU

Infy

apt_group Information theft and espionage 🇮🇷 IR

APT24

apt_group Information theft and espionage 🇨🇳 CN

UNC1549

apt_group Information theft and espionage 🇮🇷 IR

PassCV

apt_group Information theft and espionage 🇨🇳 CN

APT 5

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atFeb 18, 2026