CVE-2023-41993

ENISA EUVD: EUVD-2023-46452 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: Feb. 18, 2026 19 articles Published: 2023-09-21

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

24.16%

probability

This CVE has a 24.16% probability of being exploited in the next 30 days.

0% Top 96.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Affected Products

Apple

macOS

unspecified

apple

ipados

apple

iphone os

apple

macos

fedoraproject

fedora

debian

debian linux

Apple

macOS

unspecified <14

Attack Intelligence

CWE-703 · Improper Check or Handling of Exceptional Conditions CWE-754 · Improper Check for Unusual or Exceptional Conditions

Google Project Zero

Discovered

Sept. 12, 2023

Patched

Sept. 21, 2023

Reported by

Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Root Cause Analysis

???

Exploits & PoC

po6ix/POC-for-CVE-2023-41993

202 2024-03-08

hrtowii/cve-2023-41993-test

testing poc

16 2023-10-18

0x06060606/CVE-2023-41993

CVE-2023-41993

5 2024-11-18

Mangaia/cve-test

testing cve-2023-41993-test

0 2023-10-20

J3Ss0u/CVE-2023-41993

0 2024-02-28

5 repos — triés par ⭐ Rechercher sur GitHub ↗

https://support.apple.com/en-us/HT213940

https://security.gentoo.org/glsa/202401-33

https://security.netapp.com/advisory/ntap-20240426-0004/

Signal Intelligence

Confidenceⓘ

92%

EPSS 24.16%

CVSS v3.1 8.8

Mentions 19

Last Seen Mar 11, 2025

CNA Information

CNA Assigner

apple

Analyst Note

CVE-2023-41993 is confirmed as an actively exploited zero-day affecting macOS and iOS with high CVSS score (8.8), documented in-the-wild exploitation by sophisticated threat actors, and Apple's official acknowledgment with patches deployed in macOS Sonoma 14. Multiple credible sources corroborate active exploitation against real systems prior to patch availability.