CVE-2023-27932

MEDIUM

Apple Safari < 16.4 - Origin Validation Error

Title source: rule

Description

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.

References (5)

[Vendor Advisory] https://support.apple.com/en-us/HT213670

[Vendor Advisory] https://support.apple.com/en-us/HT213671

[Vendor Advisory] https://support.apple.com/en-us/HT213674

[Vendor Advisory] https://support.apple.com/en-us/HT213676

[Vendor Advisory] https://support.apple.com/en-us/HT213678

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-346

Status published

Affected Products (7)

apple/safari < 16.4

apple/ipados < 16.4

apple/iphone_os < 16.4

apple/macos < 13.3

apple/tvos < 16.4

apple/watchos < 9.4

debian/debian_linux

Timeline

Published May 08, 2023

Tracked Since Feb 18, 2026