CVE-2023-28204

Warnung

EPSS 0.04%
Veröffentlicht 23.06.2023 18:15:11
Zuletzt bearbeitet 14.02.2025 16:16:52
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ Safari Version < 16.5

Apple ≫ iPadOS Version < 15.7.6

Apple ≫ iPadOS Version >= 16.0 < 16.5

Apple ≫ iPhone OS Version < 15.7.6

Apple ≫ iPhone OS Version >= 16.0 < 16.5

Apple ≫ macOS Version >= 13.0 < 13.4

Apple ≫ tvOS Version < 16.5

Apple ≫ watchOS Version < 9.5

Webkitgtk ≫ Webkitgtk+ Version < 2.42.3

22.05.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Schwachstelle

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.133

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N