Actively exploited in the wild
Apple Multiple Products Kernel Unspecified Vulnerability
Apple — Multiple Products · Listed in the CISA KEV since 2023-07-26. This indicates confirmed attacks in production environments.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2023-38606
Medium · CVSS 5.5 · KEV
Exploitation Probability (EPSS): Elevated risk, 58th percentile (higher than 58% of all known CVEs)
Summary
An app may be able to modify sensitive kernel state. Apple addressed the issue with improved state management in its operating systems.
Risk Assessment
Organizations running unpatched Apple operating systems may be exposed to attacks exploiting this vulnerability, especially on older iOS versions that have not been updated.
Recommendation
Update affected systems to the fixed versions listed in the NVD description below, or later, to minimize the risk associated with this vulnerability.
Original NVD description (English source)
This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

