CVE-2023-40403

MEDIUM

iPadOS < 16.7 - Information Disclosure via Web Content Processing

Title source: llm
STIX 2.1

Description

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.

References (21)

Core 21
Core References
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/10
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/5
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213927
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213931
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213932
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213936
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213937
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213938
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213940

Scores

CVSS v3 6.5
EPSS 0.0014
EPSS Percentile 33.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (5)
apple/ipados < 16.7
apple/iphone_os < 16.7
apple/macos 12.0.0 - 12.7
apple/tvos < 17.0
apple/watchos < 10.0
Published Sep 27, 2023
Tracked Since Feb 18, 2026