CVE-2023-42855: An attacker with physical access may be able to silently persist an Apple ID on an erased device in Apple iOS and iPadOS
This issue was addressed with improved state management. This issue is fixed in iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to silently persist an Apple ID on an erased device.
AI Analysis
Technical Summary
CVE-2023-42855 is a vulnerability in Apple iOS and iPadOS that allows an attacker with physical access to a device to silently persist an Apple ID on a device that has been erased. The root cause is improper state management in the operating system: an attacker could implant or retain an Apple ID on the device even after it has been reset to factory settings. Such persistence could enable unauthorized access to or control over the device, bypassing security controls that rely on device erasure to remove user data and credentials. Apple fixed the issue in iOS 17.1 and iPadOS 17.1 with improved state management that prevents this silent persistence. The CVSS v3.1 base score is 4.6 (medium severity): the attack requires physical access (AV:P), has low attack complexity (AC:L), needs no privileges (PR:N) and no user interaction (UI:N), does not change scope (S:U), has no impact on confidentiality or integrity (C:N, I:N), and has a high impact on availability (A:H). No exploitation in the wild has been reported. The vulnerability affects devices running iOS and iPadOS versions prior to 17.1; Apple's advisory does not enumerate specific affected versions. The ability to silently persist an Apple ID on an erased device could be used to maintain long-term access or control, complicating device recovery and undermining the assurance that an erased device is clean.
Potential Impact
For European organizations, this vulnerability is mainly a concern where Apple iOS and iPadOS devices are widely deployed, such as in corporate, government, and educational environments. An attacker with physical access persisting an Apple ID on an erased device undermines the security assumptions behind device wiping and re-provisioning, and could allow unauthorized access to corporate resources or sensitive data. Possible consequences include unauthorized device enrollment, data leakage, and persistent backdoors that evade standard device management and security controls. The risk is greatest in cases of device loss, theft, or improper disposal. Organizations with Bring Your Own Device (BYOD) policies face additional exposure if devices are not kept updated or physically secured. Although the vulnerability does not directly compromise confidentiality or integrity, the availability impact and the persistence of unauthorized Apple IDs could disrupt operations and complicate incident response and forensic investigations.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize updating all Apple iOS and iPadOS devices to version 17.1 or later, where the issue is fixed. Implement strict physical security controls to prevent unauthorized physical access to devices, including secure storage, device tracking, and access logging. Enforce device-handling policies, especially during decommissioning or transfer, so that devices are updated before being wiped and are erased using trusted methods. Use Mobile Device Management (MDM) solutions to monitor device compliance (including OS version) and to flag anomalies such as an Apple ID that is present on a device that should be in a freshly erased state. Train users and IT staff on the risks of physical-access attacks and the importance of timely updates. In high-risk environments, consider additional hardware protections such as secure boot and hardware encryption. Audit device inventories regularly and conduct security assessments to verify that devices are not compromised. Finally, maintain incident response plans that account for persistence mechanisms surviving device erasure.
Affected Countries
United Kingdom, Germany, France, Italy, Spain, Netherlands, Sweden, Belgium, Ireland, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: apple
- Date Reserved: 2023-09-14T19:05:11.451Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690a554ca730e5a3d9d77d17
Added to database: 11/4/2025, 7:34:36 PM
Last enriched: 11/4/2025, 8:16:51 PM
Last updated: 11/5/2025, 2:15:45 PM