CVE-2023-23529


CVSS 8.8 HIGH · EPSS 9.5% · KEV · CWE-843

In short

A type confusion vulnerability in Apple's WebKit allows attackers to execute arbitrary code when a device processes maliciously crafted web content. This flaw affects multiple Apple devices and Safari, and is known to be actively exploited in the wild.

Technical detail

This is a type confusion vulnerability in WebKit's type checking mechanisms (CWE-843), exploitable through malicious web content delivered to users. It requires user interaction (visiting a crafted webpage); successful exploitation results in arbitrary code execution with user privileges. Fixed in iOS/iPadOS 15.7.4 and 16.3.1, macOS Ventura 13.2.1, and Safari 16.3.

Summary generated and translated by AI from the official description.
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
