CVE-2023-42824

ENISA EUVD: EUVD-2023-47245 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: Feb. 18, 2026 12 articles Published: 2023-10-04

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.97%

probability

This CVE has a 0.97% probability of being exploited in the next 30 days.

0% Top 76.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.

Affected Products

Apple

iOS and iPadOS

unspecified

apple

ipados

apple

iphone os

Apple

iOS and iPadOS

unspecified <16.7

Google Project Zero

Patched

Oct. 4, 2023

Reported by

???

Root Cause Analysis

???

Exploits & PoC

619555798/cve-2023-42824

cow bypass

3 2026-02-14

1 repo — triés par ⭐ Rechercher sur GitHub ↗

https://support.apple.com/en-us/HT213972

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.97%

CVSS v3.1 7.8

Mentions 12

Last Seen Mar 11, 2025

CNA Information

CNA Assigner

apple

Analyst Note

This CVE is confirmed as actively exploited in the wild against iOS versions prior to 16.6, with Apple explicitly acknowledging in-the-wild exploitation and issuing patches in iOS 16.7.1. The vulnerability earned high media coverage describing 'extremely sophisticated' attacks, and its presence in Google Project Zero further validates the threat assessment.

Triage Info

Decided atFeb 18, 2026

Published DateOct 04, 2023