CVE-2023-28205

HIGH KEV

Safari < 16.4.1 - Use-After-Free via Maliciously Crafted Web Content

Title source: llm

Exploitation Summary

CVE-2023-28205 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 10, 2023. EIP tracks 2 public exploits from researchers including ntfargo, seregonwar.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2023-28205, a use-after-free vulnerability in Apple WebKit. The exploit manipulates Map and Date objects to trigger garbage collection and access freed memory, potentially leading to arbitrary code execution.

Description

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Exploits (2)

nomisec WORKING POC 17 stars

by ntfargo · client-side

https://github.com/ntfargo/uaf-2023-28205

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2023-28205, a use-after-free vulnerability in Apple WebKit. The exploit manipulates Map and Date objects to trigger garbage collection and access freed memory, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: Apple WebKit (Safari)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open crafted content in Safari

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WRITEUP 4 stars

by seregonwar · client-side

https://github.com/seregonwar/uaf-2023-28205

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2023-28205, a use-after-free vulnerability in Apple WebKit's structured clone deserialization logic. It includes root cause analysis, crash analysis, and confirms the vulnerability in WebKit-613.1.17.1 (PlayStation/Safari 15.4 lineage).

Classification

Writeup 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Apple WebKit (WebKit-613.1.17.1, Safari 15.4 lineage)

No auth needed

Prerequisites: Victim must visit a maliciously crafted webpage · Target must be running vulnerable WebKit version

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Core References

Release Notes

https://support.apple.com/en-us/HT213720

Release Notes

https://support.apple.com/en-us/HT213721

Release Notes

https://support.apple.com/en-us/HT213722

Release Notes

https://support.apple.com/en-us/HT213723

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28205

Scores

CVSS v3 8.8

EPSS 0.2708

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2023-04-10

VulnCheck KEV 2023-04-07

InTheWild.io 2023-04-07

ENISA EUVD EUVD-2023-31913

CWE

CWE-416

Status published

Products (4)

apple/ipados < 15.7.5

apple/iphone_os < 15.7.5

apple/macos < 13.3.1

apple/safari < 16.4.1

Published Apr 10, 2023

KEV Added Apr 10, 2023

Tracked Since Feb 18, 2026