CVE-2023-27932

MEDIUM

Safari < 16.4 - Same Origin Policy Bypass via Malicious Web Content

Title source: llm

Description

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.

References (5)

Core 5

Core References

Vendor Advisory

https://support.apple.com/en-us/HT213670

Vendor Advisory

https://support.apple.com/en-us/HT213671

Vendor Advisory

https://support.apple.com/en-us/HT213674

Vendor Advisory

https://support.apple.com/en-us/HT213676

Vendor Advisory

https://support.apple.com/en-us/HT213678

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 10.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-346

Status published

Products (7)

apple/ipados < 16.4

apple/iphone_os < 16.4

apple/macos < 13.3

apple/safari < 16.4

apple/tvos < 16.4

apple/watchos < 9.4

debian/debian_linux 10.0

Published May 08, 2023

Tracked Since Feb 18, 2026