6.5

CVE-2023-28204

Warnung
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 16.5
AppleiPadOS Version < 15.7.6
AppleiPadOS Version >= 16.0 < 16.5
AppleiPhone OS Version < 15.7.6
AppleiPhone OS Version >= 16.0 < 16.5
ApplemacOS Version >= 13.0 < 13.4
AppletvOS Version < 16.5
ApplewatchOS Version < 9.5

22.05.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Schwachstelle

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.29% 0.962
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://support.apple.com/en-us/HT213765
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213757
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213758
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213761
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213764
Vendor Advisory
Release Notes
https://security.gentoo.org/glsa/202401-04
Third Party Advisory
https://support.apple.com/en-us/HT213762
Vendor Advisory
Release Notes
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28204
US Government Resource