CVE-2023-41990 is a vulnerability in Apple’s iOS and iPadOS operating systems, as well as other Apple platforms like macOS and watchOS, that allows arbitrary code execution through the processing of a maliciously crafted font file. The root cause is improper cache handling during font file processing, which can be exploited by an attacker to execute arbitrary code within the context of the targeted application or system process. This vulnerability requires user interaction, such as opening or previewing a malicious font file, but does not require any prior authentication or elevated privileges, making it accessible to remote attackers who can convince users to open malicious content. The CVSS v3.1 base score is 7.8, reflecting high severity with high impact on confidentiality, integrity, and availability. The issue affects iOS versions prior to 15.7.1 and corresponding versions of iPadOS, with patches released in iOS 15.7.8, 16.3, and similar updates for macOS Monterey, Big Sur, Ventura, tvOS, and watchOS. Apple has acknowledged reports of active exploitation attempts, underscoring the urgency of patching. The vulnerability’s exploitation vector is local (AV:L) but requires user interaction (UI:R), with low attack complexity (AC:L) and no privileges required (PR:N). The flaw’s exploitation could lead to full system compromise, data theft, or persistent malware installation. The fix involves improved cache handling during font processing to prevent execution of arbitrary code. Organizations relying on Apple devices should prioritize deploying these updates and consider additional controls to limit exposure to malicious font files.

For European organizations, this vulnerability poses a significant risk due to the widespread use of Apple devices in both consumer and enterprise environments. Successful exploitation could lead to unauthorized access to sensitive corporate data, disruption of business operations, and potential lateral movement within networks if compromised devices are connected to corporate resources. Sectors such as finance, healthcare, government, and critical infrastructure, which often use iOS devices for secure communications and operations, are particularly vulnerable. The ability to execute arbitrary code means attackers could install persistent malware, exfiltrate confidential information, or disrupt device availability. Given the vulnerability requires user interaction, phishing or social engineering campaigns could be leveraged to deliver malicious font files. The high confidentiality, integrity, and availability impact combined with the ease of exploitation makes this a critical threat to organizations that have not yet applied the patches. Furthermore, the presence of this vulnerability in multiple Apple platforms increases the attack surface for organizations using a heterogeneous Apple ecosystem.

1. Immediately apply the security updates released by Apple for iOS (15.7.8, 16.3), iPadOS, macOS (Monterey 12.6.8, Big Sur 11.7.9, Ventura 13.2), tvOS 16.3, and watchOS 9.3 to all affected devices within the organization. 2. Implement strict controls on font file handling by restricting or blocking the opening of font files from untrusted or unknown sources, especially in email attachments or web downloads. 3. Educate users about the risks of opening unsolicited attachments or links, emphasizing caution with font files or documents that may contain embedded fonts. 4. Deploy endpoint detection and response (EDR) solutions capable of detecting suspicious font processing activities or anomalous code execution patterns on Apple devices. 5. Monitor network and device logs for indicators of compromise related to font processing exploits, including unusual process behavior or unexpected network connections originating from Apple devices. 6. Consider application whitelisting or sandboxing techniques to limit the execution context of font processing components. 7. Maintain an inventory of all Apple devices in use and ensure compliance with patch management policies to prevent unpatched devices from remaining in production environments. 8. Collaborate with IT and security teams to integrate Apple device security into broader organizational cybersecurity frameworks and incident response plans.