{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T12:34:06.851","vulnerabilities":[{"cve":{"id":"CVE-2023-41991","sourceIdentifier":"product-security@apple.com","published":"2023-09-21T19:15:11.283","lastModified":"2025-11-05T19:18:21.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."},{"lang":"es","value":"Se solucionó un problema de validación de certificados. Este problema se solucionó en macOS Ventura 13.6, iOS 16.7 y iPadOS 16.7. Es posible que una aplicación maliciosa pueda eludir la validación de firmas. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"cisaExploitAdd":"2023-09-25","cisaActionDue":"2023-10-16","cisaRequiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Apple Multiple Products Improper Certificate Validation Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"16.7","matchCriteriaId":"1CEB5BA1-7092-4ADE-B19F-FD34CB53CCC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:17.0:*:*:*:*:*:*:*","matchCriteriaId":"FD0EE39C-DEC4-475C-8661-5BD76457A39E"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"16.7","matchCriteriaId":"3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*","matchCriteriaId":"502CD624-FA22-4C7B-9CA3-53CA938BE1AB"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.6","matchCriteriaId":"7A78DA60-AE3B-4B3C-B338-97DAFABEBB1F"}]}]}],"references":[{"url":"https://support.apple.com/en-us/HT213927","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/HT213931","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/HT213927","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/HT213931","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT213927","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT213931","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}