Remote Code Execution Vulnerability in Apple Products
CVE-2023-32409

8.6HIGH

Key Information:

Vendor
Apple
Status
Mac OS
Safari
Watch OS
iOS And iPad OS
Vendor
CVE Published:
23 June 2023

Badges

๐Ÿ‘พ Exploit Exists๐Ÿฆ… CISA Reported๐Ÿ“ฐ News Worthy

Summary

A security vulnerability exists in multiple Apple operating systems and Safari, allowing remote attackers to potentially escape the Web Content sandbox. This could enable unauthorized access or execution of malicious code. The issue has been addressed through improved bounds checks in the affected versions. Apple has also indicated that this vulnerability may have been actively exploited prior to its resolution, emphasizing the importance of updating to the latest versions available.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

iOS and iPadOS < 15.7

iOS and iPadOS < 16.5

macOS < 13.4

News Articles

favicon imageHelp Net Security

Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409) - Help Net Security

Apple has delivered fixes for many vulnerabilities and CVE-2023-32409, a WebKit 0-day that "may have been actively exploited."

References

https://support.apple.com/en-us/HT213758
https://support.apple.com/en-us/HT213762
https://support.apple.com/en-us/HT213764

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿฆ…

    CISA Reported

  • ๐Ÿ“ฐ

    First article discovered by Help Net Security

  • Vulnerability Reserved

.