CVE-2023-32435
In short
A memory corruption vulnerability in Safari and iOS allows attackers to execute arbitrary code by processing specially crafted web content. This flaw was actively exploited in the wild before patches were released.
Technical detail
Out-of-bounds write vulnerability (CWE-787) in WebKit's content processing engine affecting Safari, iOS, and iPadOS. Exploitation requires processing untrusted web content; no user interaction beyond normal browsing is needed. Remote code execution is achievable with high privileges in the affected browser/OS context.
Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H