Arbitrary Code Execution Vulnerability in Apple Products
CVE-2023-23496

8.8HIGH

Key Information:

Vendor: Apple
Status: iOS and iPadOS; tvOS; Safari; macOS
Vendor: CVE Published:; 27 February 2023

Summary

An issue exists within Apple platforms where maliciously crafted web content could facilitate arbitrary code execution. The flaw was mitigated through enhanced checks in the system, ensuring a more robust defense against potential exploits. It primarily affects users on macOS Ventura and various versions of iOS and Safari. Users are encouraged to update their systems to the latest versions to safeguard against this vulnerability.

Affected Version(s)

iOS and iPadOS < 16.3

iOS and iPadOS < 15.7

macOS < 13.2

References

https://support.apple.com/en-us/HT213606

https://support.apple.com/en-us/HT213601

https://support.apple.com/en-us/HT213600

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jan 12, 2023