CVE-2023-32435
HIGH KEVSafari < 16.4 - Remote Code Execution via Memory Corruption
Title source: llmExploitation Summary
CVE-2023-32435 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 23, 2023.
Description
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
References (5)
Core 5
Core References
Vendor Advisory
https://support.apple.com/en-us/HT213670
Vendor Advisory
https://support.apple.com/en-us/HT213671
Vendor Advisory
https://support.apple.com/en-us/HT213676
Vendor Advisory
https://support.apple.com/en-us/HT213811
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32435
Scores
CVSS v3
8.8
EPSS
0.0042
EPSS Percentile
62.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-06-23
VulnCheck KEV
2023-03-27
InTheWild.io
2023-06-21
ENISA EUVD
EUVD-2023-36679
CWE
CWE-787
Status
published
Products (4)
apple/ipados
< 15.7.7
apple/iphone_os
< 15.7.7
apple/macos
13.0 - 13.3
apple/safari
< 16.4
Published
Jun 23, 2023
KEV Added
Jun 23, 2023
Tracked Since
Feb 18, 2026