CVE-2023-28206
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
CVSS
—
No CVSS
EPSS
24.5%
p98
KEV
YES
Apr 10, 2023
Exploit Today
79
0-100
Published: — · Last modified: —
24.5%EPSS · 30 days24.5%
2026-06-302026-07-16
Product
Apple / iOS, iPadOS, and macOS
Vulnerability
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Added to KEV
Apr 10, 2023
Remediate by
May 1, 2023
Known ransomware use
No
Summary description
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
Required action
Apply updates per vendor instructions.
Notes
https://support.apple.com/en-us/HT213720, https://support.apple.com/en-us/HT213721; https://nvd.nist.gov/vuln/detail/CVE-2023-28206
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-43300—97.1%
KEV—79Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability—CVE-2022-22620—96.6%
KEV—79Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability—CVE-2023-41064—96.4%
KEV—79Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability—CVE-2021-30858—96.0%
KEV—79Apple iOS, iPadOS, macOS Use-After-Free Vulnerability—CVE-2021-1870—94.1%
KEV—78Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability—CVE-2021-1871—93.5%
KEV—78Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability—