CVE-2023-37450

HIGH KEV

Apple Safari < 16.5.2 - Denial of Service

Title source: rule

Description

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

References (7)

[Third Party Advisory] https://security.gentoo.org/glsa/202401-04

[Vendor Advisory] https://support.apple.com/en-us/HT213826

[Vendor Advisory] https://support.apple.com/en-us/HT213841

[Vendor Advisory] https://support.apple.com/en-us/HT213843

[Vendor Advisory] https://support.apple.com/en-us/HT213846

[Vendor Advisory] https://support.apple.com/en-us/HT213848

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-37450

Scores

CVSS v3 8.8

EPSS 0.0005

EPSS Percentile 16.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-07-13

VulnCheck KEV 2023-07-10

InTheWild.io 2023-07-10

ENISA EUVD EUVD-2023-41350

Status published

Products (7)

apple/ipados < 16.6

apple/iphone_os < 16.6

apple/macos 13.0 - 13.5

apple/safari < 16.5.2

apple/tvos < 16.6

apple/watchos < 9.6

webkitgtk/webkitgtk\+ < 2.42.3

Published Jul 27, 2023

KEV Added Jul 13, 2023

Tracked Since Feb 18, 2026