Vulnerability Details : CVE-2023-32409
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
Products affected by CVE-2023-32409
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
CVE-2023-32409 is in the CISA Known Exploited Vulnerabilities Catalog
- CISA vulnerability name: Apple Multiple Products WebKit Sandbox Escape Vulnerability
- CISA required action: Apply updates per vendor instructions.
- CISA description: Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products whi
- Notes: https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765; https://nvd.nist.gov/vuln/detail/CVE-2023-32409
- Added on: 2023-05-22
- Action due date: 2023-06-12
Exploit prediction scoring system (EPSS) score for CVE-2023-32409
- EPSS score: 1.59% (probability of exploitation activity in the next 30 days)
- Percentile: ~87% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-32409
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N | 3.9 | 4.0 | NIST | |
References for CVE-2023-32409
- https://support.apple.com/en-us/HT213761
  About the security content of tvOS 16.5 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT213757
  About the security content of iOS 16.5 and iPadOS 16.5 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT213842
  About the security content of iOS 15.7.8 and iPadOS 15.7.8 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT213758
  About the security content of macOS Ventura 13.4 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT213764
  About the security content of watchOS 9.5 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT213762
  About the security content of Safari 16.5 - Apple Support (Vendor Advisory)
- http://seclists.org/fulldisclosure/2023/Jul/46
  Full Disclosure: APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8