Safari Addresses Use After Free Issue, Preventing Malicious Code Execution

CVE-2023-28205

8.8HIGH

Key Information

Vendor: Apple
Status: iOS and iPadOS; Safari; macOS
Vendor: CVE Published:; 10 April 2023

Badges

👾 Exploit Exists🟡 Public PoC🦅 CISA Reported📰 News Worthy

Summary

The Safari web browser developed by Apple is the subject of two actively exploited zero-day vulnerabilities, known as CVE-2023-28205 and CVE-2023-28206. These vulnerabilities have been exploited in tandem to achieve full device compromise, potentially allowing the installation of spyware on affected devices. CVE-2023-28205 is a use-after-free issue that can lead to arbitrary code execution, while CVE-2023-28206 is an out-of-bounds write issue that can be exploited to execute arbitrary code with kernel privileges. Security updates have been released for newer macOS, iOS, and iPadOS versions, and backported to fix the flaws in older versions. However, details about the attacks performed by exploiting these vulnerabilities have not been made available. The Cybersecurity and Infrastructure Security Agency has added both vulnerabilities to its Known Exploited Vulnerabilities Catalog, and urges affected parties to apply the updates as soon as possible.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-28205 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

iOS and iPadOS < 15.7

Safari < 16.4

macOS < 13.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

uaf-2023-28205
Created by ntfargo