CVE-2023-43000

CVSS 8.8 HIGH | EPSS 3.9% | KEV | CWE-416

In short

A use-after-free vulnerability in Safari and Apple systems lets an attacker corrupt memory when the victim's device processes malicious web content, potentially leading to crashes or code execution.

Technical detail

Use-after-free (CWE-416) in Safari's web content processing allows an attacker to access freed memory through specially crafted HTML/JavaScript, causing memory corruption. The vulnerability requires user interaction (visiting a malicious webpage) and affects multiple Apple platforms. Fixed in macOS Ventura 13.5, iOS/iPadOS 16.6 and 15.8.7, Safari 16.6.

Summary generated and translated by AI from the official description.
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
