CVE-2023-32409
HIGH KEVSafari < 16.5 - Remote Sandbox Escape via Improved Bounds Checks
Title source: llmExploitation Summary
CVE-2023-32409 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 22, 2023.
Description
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
References (7)
Core 7
Core References
Vendor Advisory
https://support.apple.com/en-us/HT213757
Vendor Advisory
https://support.apple.com/en-us/HT213758
Vendor Advisory
https://support.apple.com/en-us/HT213761
Vendor Advisory
https://support.apple.com/en-us/HT213762
Vendor Advisory
https://support.apple.com/en-us/HT213764
Vendor Advisory
https://support.apple.com/en-us/HT213842
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32409
Scores
CVSS v3
8.6
EPSS
0.0030
EPSS Percentile
53.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2023-05-22
VulnCheck KEV
2023-05-18
InTheWild.io
2023-05-18
ENISA EUVD
EUVD-2023-36653
Status
published
Products (6)
apple/ipados
15.0 - 15.7.8
apple/iphone_os
15.0 - 15.7.8
apple/macos
13.0 - 13.4
apple/safari
< 16.5
apple/tvos
< 16.5
apple/watchos
< 9.5
Published
Jun 23, 2023
KEV Added
May 22, 2023
Tracked Since
Feb 18, 2026