CVE-2023-32373
HIGH KEVSafari < 16.5 - Use-After-Free via Maliciously Crafted Web Content
Title source: llmExploitation Summary
CVE-2023-32373 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 22, 2023.
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References (8)
Core 8
Core References
Third Party Advisory
https://security.gentoo.org/glsa/202401-04
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213757
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213758
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213761
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213762
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213764
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213765
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32373
Scores
CVSS v3
8.8
EPSS
0.0004
EPSS Percentile
12.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-05-22
VulnCheck KEV
2023-05-01
InTheWild.io
2023-05-01
ENISA EUVD
EUVD-2023-36617
CWE
CWE-416
Status
published
Products (11)
apple/ipados
< 15.7.6
apple/iphone_os
15.0 - 15.7.6
apple/macos
< 13.4
apple/safari
< 16.5
apple/tvos
< 16.5
apple/watchos
< 9.5
redhat/enterprise_linux
6.0
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
... and 1 more
Published
Jun 23, 2023
KEV Added
May 22, 2023
Tracked Since
Feb 18, 2026