CVE-2023-32439
HIGH KEVSafari < 16.5.1 - Remote Code Execution via Type Confusion
Title source: llmExploitation Summary
CVE-2023-32439 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 23, 2023.
Description
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References (8)
Core 8
Core References
Third Party Advisory
https://security.gentoo.org/glsa/202401-04
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213811
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213813
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213814
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213816
Vendor Advisory
https://support.apple.com/kb/HT213814
Vendor Advisory
https://support.apple.com/kb/HT213816
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32439
Scores
CVSS v3
8.8
EPSS
0.0116
EPSS Percentile
79.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-06-23
VulnCheck KEV
2023-06-21
InTheWild.io
2023-06-21
ENISA EUVD
EUVD-2023-36683
CWE
CWE-843
Status
published
Products (5)
apple/ipados
< 15.7.7
apple/iphone_os
< 15.7.7
apple/macos
13.0 - 13.4.1
apple/safari
< 16.5.1
webkitgtk/webkitgtk\+
< 2.42.3
Published
Jun 23, 2023
KEV Added
Jun 23, 2023
Tracked Since
Feb 18, 2026