Annual recap
Mobile security · 2023
2023 review indexed by Appaloosa Scout: 1 380 mobile CVEs published, 38 added to the CISA KEV catalog (exploited in real attacks), 3 mobile apps affected by at least one KEV.
- CVE indexed this year: 1 380
- CISA KEV added: 38
- Tracked apps affected: 3
Severity distribution
- CRITICAL: 126
- HIGH: 1 147
- MEDIUM: 100
- LOW: 7
Top 10 mobile KEV of the year
Sorted by number of mobile apps affected (CVSS as tiebreaker).
| CVE | Severity | Apps | Added to KEV | Description |
|---|---|---|---|---|
| CVE-2023-5217 | HIGH 8.8 | 2 | 2023-10-02 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to pote… |
| CVE-2023-4863 | HIGH 8.8 | 1 | 2023-09-13 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of b… |
| CVE-2023-38831 | HIGH 7.8 | 1 | 2023-08-24 | RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The i… |
| CVE-2016-9079 | HIGH 7.5 | 1 | 2023-06-22 | A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild… |
| CVE-2023-23397 | CRITICAL 9.8 | 0 | 2023-03-14 | Microsoft Outlook Elevation of Privilege Vulnerability |
| CVE-2023-36025 | HIGH 8.8 | 0 | 2023-11-14 | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2023-32049 | HIGH 8.8 | 0 | 2023-07-11 | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2023-35311 | HIGH 8.8 | 0 | 2023-07-11 | Microsoft Outlook Security Feature Bypass Vulnerability |
| CVE-2022-41080 | CRITICAL 8.8 | 0 | 2023-01-10 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2023-21674 | HIGH 8.8 | 0 | 2023-01-10 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
Top vendors by KEV this year
- #1 Mozilla: 3 KEV · 2 apps
- #2 win.rar GmbH: 1 KEV · 1 app
Most affected apps
Methodology
KEV: added to the CISA catalog during the year (kev_added_date). CVE: NVD publication date. Apps: those indexed in Scout at query time; the history evolves as new mappings are added.