CVE-2023-41991

MEDIUM 5.5

⚠️ CISA KEV

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Vendor	apple
Product	ios and ipados
Ecosystems	iOS macOS
Industries	Technology
Published	Sep 21, 2023
Last Updated	Nov 4, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for apple ios and ipados

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2023-41991.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apple / iOS and iPadOS

unspecified < 16.7

Apple / macOS

unspecified < 13.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.apple.com: https://support.apple.com/en-us/HT213927 support.apple.com: https://support.apple.com/en-us/HT213931 support.apple.com: https://support.apple.com/kb/HT213931 support.apple.com: https://support.apple.com/kb/HT213927 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991