By zerosday cve bot • September 11, 2023
CVE-2023-41061: Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability (Pentest Lab Guide)

CVE-2023-41061: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-03-26T17:54:14.745Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Technical Details
- CVE: CVE-2023-41061
- KEV date added: 2023-09-11
- KEV due date: 2023-10-02
- NVD published: 2023-09-07
- NVD modified: 2025-10-23
- MITRE modified: 2025-10-21
- CVSS base score: 7.8
- CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CVSS exploitability score: 1.8
- CVSS impact score: 5.9
- Attack vector: Local
- Attack complexity: Low
- Privileges required: None
- User interaction: Required
- Scope: Unchanged
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High
Versions and Products Impacted
- apple / ipados (versions: < 16.6.1)
- apple / iphone os (versions: < 16.6.1)
- apple / watchos (versions: < 9.6.2)
- Apple / iOS and iPadOS (versions: unspecified)
- Apple / watchOS (versions: unspecified)
- apple / ipados (versions: 0)
- apple / iphone_os (versions: 0)
- apple / watchos (versions: 0)
Weakness Classification
- NVD-CWE-noinfo
- CWE-20
Repositories for Lab Validation (Public Examples)
- Ostorlab/KEV | stars: 608 | updated: 2026-03-23 | https://github.com/Ostorlab/KEV
Notes: Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
- houjingyi233/macOS-iOS-system-security | stars: 549 | updated: 2026-03-16 | https://github.com/houjingyi233/macOS-iOS-system-security
Notes: Here is some resources about macOS/iOS system security.
- Proteas/apple-cve | stars: 164 | updated: 2026-03-25 | https://github.com/Proteas/apple-cve
Notes: apple cve list
- 0xcrypto/apple-cves | stars: 0 | updated: 2026-03-22 | https://github.com/0xcrypto/apple-cves
People and Organizations Mentioned
- apple
- iOS, iPadOS, and watchOS
- Ostorlab
- houjingyi233
- Proteas
- 0xcrypto
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Test apple / ipados (versions: < 16.6.1) in isolated VM snapshots (vulnerable vs. patched) and compare process-tree telemetry before and after updating.
- Validate command-execution prevention policies (AppLocker/WDAC/EDR) with harmless test binaries only.
- Create SIEM detections for suspicious parent-child chains, encoded command usage, and abnormal service creation.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2023-41061
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2023-41061
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- KEV notes: https://support.apple.com/en-us/HT213905; https://support.apple.com/kb/HT213907; https://nvd.nist.gov/vuln/detail/CVE-2023-41061
- http://seclists.org/fulldisclosure/2023/Sep/4
- http://seclists.org/fulldisclosure/2023/Sep/5
- https://support.apple.com/en-us/HT213905
- https://support.apple.com/en-us/HT213907
- https://support.apple.com/kb/HT213905
- https://support.apple.com/kb/HT213907
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41061
- Repository example: https://github.com/Ostorlab/KEV
- Repository example: https://github.com/houjingyi233/macOS-iOS-system-security
- Repository example: https://github.com/Proteas/apple-cve
- Repository example: https://github.com/0xcrypto/apple-cves
This content is for defensive security training and authorized validation only.
