CVE-2023-32373

CVSS 8.8 HIGH | EPSS 12.3% | KEV | CWE-416

In short

A memory management flaw in Apple's software allows attackers to execute arbitrary code by crafting malicious web content. This vulnerability has been actively exploited in the wild, making it a serious security risk.

Technical detail

Use-after-free vulnerability (CWE-416) in memory management affecting Safari and Apple OS kernels. An attacker can craft malicious web content that triggers access to freed memory, leading to arbitrary code execution. The vulnerability affects iOS, iPadOS, macOS, tvOS, and watchOS with CVSS 8.8 severity and evidence of active exploitation.

Summary generated and translated by AI from the official description.
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
