CVE-2023-23529

Published Feb 27, 2023

Last updated 5 months ago

Overview

Description
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Source
product-security@apple.com
NVD status
Analyzed

Social media

Hype score
Not currently trending

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Apple Multiple Products WebKit Type Confusion Vulnerability
Exploit added on
Feb 14, 2023
Exploit action due
Mar 7, 2023
Required action
Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov
CWE-843

Configurations