CVE-2023-28204

CVSS 6.5 MEDIUM | EPSS 14.4% | KEV | CWE-125
In short

A flaw allows attackers to read memory beyond intended boundaries when processing web content, potentially exposing sensitive information like passwords or personal data. This vulnerability affects Apple devices and Safari, and was actively exploited.

Technical detail

An out-of-bounds read vulnerability (CWE-125) in web content processing allows an attacker to access unintended memory regions through a crafted webpage or malicious content. The attack requires user interaction (visiting a malicious site) and results in information disclosure. The issue was fixed through improved input validation in Safari and multiple Apple OS versions.

Summary generated and translated by AI from the official description.
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
