CVE-2023-28206 - Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Project:Apple
Product:iOS, iPadOS, and macOS
Date Added:2023-04-10Due Date:2023-05-01
Vulnerability Name
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Description
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://support.apple.com/en-us/HT213720, https://support.apple.com/en-us/HT213721
https://nvd.nist.gov/vuln/detail/CVE-2023-28206
Related News Articles
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacksMarch 12, 2025
Apple fixes zero-day exploited in 'extremely sophisticated' attacksFebruary 11, 2025
Apple fixes this year’s first actively exploited zero-day bugJanuary 28, 2025
Apple fixes two zero-days used in attacks on Intel-based MacsNovember 20, 2024