Out-of-Bounds Read Vulnerability in Apple Operating Systems
CVE-2023-28204

6.5MEDIUM

Key Information:

Vendor
Apple
Status
Mac OS
Safari
Watch OS
iOS And iPad OS
Vendor
CVE Published:
23 June 2023

Badges

👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

An out-of-bounds read vulnerability was identified within Apple’s operating systems, resulting from improper input validation. This flaw could allow processing web content to potentially expose sensitive information to unauthorized users. Apple has addressed this issue in several software updates, ensuring improved protection against such vulnerabilities. Users are strongly advised to update their devices to the latest versions to maintain security and privacy.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

iOS and iPadOS < 15.7

iOS and iPadOS < 16.5

macOS < 13.4

News Articles

favicon imageHelp Net Security

Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409) - Help Net Security

Apple has delivered fixes for many vulnerabilities and CVE-2023-32409, a WebKit 0-day that "may have been actively exploited."

References

https://support.apple.com/en-us/HT213758
https://support.apple.com/en-us/HT213762
https://support.apple.com/en-us/HT213764

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • 📰

    First article discovered by Help Net Security

  • Vulnerability Reserved

.