Denial-of-Service Vulnerability in Apple Products
CVE-2023-23512

6.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS and iPadOS; tvOS; macOS; watchOS
Vendor: CVE Published:; 27 February 2023

Summary

A vulnerability has been identified in various Apple platforms where improved cache handling can be exploited, potentially leading to an app denial-of-service. This situation may arise when users visit a compromised website, which could disrupt the normal functioning of applications on devices running vulnerable versions of watchOS, tvOS, macOS, iOS, and iPadOS. The issue has been addressed in the latest updates, encouraging users to upgrade to the fixed versions.

Affected Version(s)

iOS and iPadOS < 16.3

macOS < 13.2

tvOS < 16.3

References

https://support.apple.com/en-us/HT213606

https://support.apple.com/en-us/HT213601

https://support.apple.com/en-us/HT213605

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jan 12, 2023