CVE-2023-41991, 41992, 41993: Three Actively Exploited Vulnerabilities in Apple Products Fixed

Share :

On September 21, 2023, Apple released emergency security updates to fix three vulnerabilities impacting macOS, iOS, iPadOS, and Safari.   






Impacted Product 



A certificate validation issue in the WebKit engine could allow a malicious app to bypass signature validation. 

macOS, iOS, iPadOS, watchOS 


A flaw in the kernel could potentially allow a local attacker to elevate their privileges due to inadequate checks. 

macOS, iOS, iPadOS, watchOS 


Inadequate checks in the Security Framework could allow a threat actor to achieve arbitrary code execution via maliciously crafted web content. 

Safari, iOS, iPadOS 


Citizen Lab and Google Threat Analysis Group (TAG) observed these three vulnerabilities exploited in an exploit chain against a former Egyptian Member of Parliament to deploy Predator spyware. Predator was developed by Intellexa/Cytrox to perform surveillance on targeted mobile devices. Earlier in 2023, the US Government banned Intellexa and Cytrox as these companies were involved in activities that threatened national security by targeting high-profile individuals worldwide.  

Apple products can be appealing targets for threat actors due to their potential to store sensitive company information. This presents a risk to organizations with a Bring Your Own Device (BYOD) policy that allow employees to use their personal devices, as security updates may not be strongly enforced.  

Recommendation for CVE-2023-41991, 41992, 41993 

Upgrade Apple Products to Fixed Version   

Arctic Wolf strongly recommends upgrading affected Apple products to their respective fixed version. These updates can be performed by going to the device’s system settings and selecting “Software Update”. 

Apple Product 


Fixed Version 


Safari (on macOS Big Sur and Monterey) 

Safari 16.6.1 

  • Note: Updating macOS also updates Safari.  

iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later 

iOS 17.0.1 and iPadOS 17.0.1 

iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later 

iOS 16.7 and iPadOS 16.7 

Apple Watch Series 4 and later 

watchOS 10.0.1 

Apple Watch Series 4 and later 

watchOS 9.6.3 

macOS Ventura 

macOS Ventura 13.6 

macOS Monterey 

macOS Monterey 12.7 


Note: Citizen Lab urges all at-risk users to enable Lockdown mode as this has been confirmed by Apple’s Security Engineering and Architecture team that Lockdown Mode blocks this particular attack. 

Please follow your organization’s patching and testing guidelines to avoid operational impact. 


  1. Apple Security Releases
  2. Citizen Lab Blog
  3. Google Threat Analysis Group (TAG) Blog
  4. US Department of Commerce bans spyware vendors 
Picture of Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.
Share :
Table of Contents
Subscribe to our Monthly Newsletter