Memory Handling Vulnerability in iOS, iPadOS, macOS, and More by Apple
CVE-2023-40447

8.8HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Safari; TV OS; Mac OS
Vendor: CVE Published:; 25 October 2023

What is CVE-2023-40447?

Apple has identified a memory handling vulnerability across several of its platforms—including iOS, iPadOS, watchOS, macOS, Safari, and tvOS. This flaw may allow for arbitrary code execution when processing crafted web content, potentially compromising the integrity and confidentiality of the device. Apple addressed this vulnerability through improved memory management in the affected versions, with updates provided for iOS 17.1, iPadOS 17.1, watchOS 10.1, and more. It is crucial for users to update their devices to mitigate the risk associated with this vulnerability.

Affected Version(s)

iOS and iPadOS < 16.7

iOS and iPadOS < 17.1

macOS < 14.1

References

https://support.apple.com/en-us/HT213981

https://support.apple.com/en-us/HT213986

https://support.apple.com/en-us/HT213987

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2023
Vulnerability Reserved
Aug 14, 2023