CVE-2023-32409
In short
A security flaw in Apple's web browser and operating systems allows a remote attacker to escape the sandbox protection that isolates web content, potentially gaining unauthorized access to the system. This vulnerability was actively exploited in the wild.
Technical detail
A bounds-checking vulnerability in WebKit affects iOS, iPadOS, macOS, tvOS, and Safari, allowing a remote attacker to break out of the Web Content sandbox through specially crafted web content. The vulnerability requires user interaction (visiting a malicious webpage) and impacts confidentiality, integrity, and availability of the affected system. Apple confirmed active exploitation in the wild.
Summary generated and translated by AI from the official description.
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
References
https://support.apple.com/en-us/HT213757
https://support.apple.com/en-us/HT213758
https://support.apple.com/en-us/HT213761
https://support.apple.com/en-us/HT213762
https://support.apple.com/en-us/HT213764
https://support.apple.com/en-us/HT213842
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32409