CVE-2023-43000

HIGH KEV

macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free

Title source: llm

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption.

References (5)

[Various Sources] https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/120324

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/120331

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/120338

Scores

CVSS v3 8.8

EPSS 0.0011

EPSS Percentile 28.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2026-03-05

VulnCheck KEV 2026-03-03

ENISA EUVD EUVD-2023-47421

Classification

CWE

CWE-416

Status published

Affected Products (4)

apple/safari < 16.6

apple/ipados < 16.6

apple/iphone_os < 16.6

apple/macos < 13.5

Timeline

Published Nov 05, 2025

KEV Added Mar 05, 2026

Tracked Since Feb 18, 2026