CVE-2023-28198

HIGH

iPadOS < 16.4 - Use-After-Free

Title source: llm

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

References (4)

Core 4

Core References

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/11/1

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213670

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213676

Third Party Advisory

https://security.gentoo.org/glsa/202401-04

Scores

CVSS v3 8.8

EPSS 0.0007

EPSS Percentile 20.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (5)

apple/ipados < 16.4

apple/iphone_os < 16.4

apple/macos 13.0 - 13.3

webkitgtk/webkitgtk < 2.40.1

wpewebkit/wpe_webkit < 2.40.1

Published Aug 14, 2023

Tracked Since Feb 18, 2026