CVE-2023-28198: Use After Free
First published: Mon Mar 27 2023(Updated: )
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
Credit: product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <13.3 | 13.3 | |
| <16.4 | 16.4 | |
| Apple iOS | <15.7.4 | 15.7.4 |
| Apple iPadOS | <15.7.4 | 15.7.4 |
| Apple iOS | <16.4 | 16.4 |
| Apple iPadOS | <16.4 | 16.4 |
| <16.4 | ||
| <16.4 | ||
| >=13.0<13.3 | ||
| <2.40.1 | ||
| <2.40.1 | ||
| Apple iPadOS | <16.4 | |
| Apple iPhone OS | <16.4 | |
| Apple macOS | >=13.0<13.3 | |
| WebKitGTK WebKitGTK | <2.40.1 | |
| Wpewebkit Wpe Webkit | <2.40.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2023/09/11/1
- https://support.apple.com/en-us/HT213670 (Advisory)
- https://support.apple.com/en-us/HT213676 (Advisory)
- https://security.gentoo.org/glsa/202401-04
- https://support.apple.com/kb/HT213670
- https://support.apple.com/en-us/HT213673 (Advisory)
- https://support.apple.com/kb/HT213676
- https://support.apple.com/en-us/HT213671 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-32436
- CVE-2023-27968
- CVE-2023-28209
- CVE-2023-28210
- CVE-2023-28211
- CVE-2023-28212
- CVE-2023-28213
- CVE-2023-28214
- CVE-2023-28215
- CVE-2023-32356
- CVE-2023-23532
- CVE-2023-23527
- CVE-2023-27931
- CVE-2023-28179
- CVE-2023-42830
- CVE-2023-27951
- CVE-2023-27961
- CVE-2023-23543
- CVE-2023-23534
- CVE-2023-27955
- CVE-2023-27936
- CVE-2023-28181
- CVE-2023-32426
- CVE-2022-43551
- CVE-2022-43552
- CVE-2023-27934
- CVE-2023-28180
- CVE-2023-27935
- CVE-2023-27953
- CVE-2023-27958
- CVE-2023-40433
- CVE-2023-28190
- CVE-2023-23537
- CVE-2023-28195
- CVE-2023-27956
- CVE-2023-32366
- CVE-2023-27937
- CVE-2023-23526
- CVE-2023-27928
- CVE-2023-27939
- CVE-2023-27947
- CVE-2023-27948
- CVE-2023-42862
- CVE-2023-42865
- CVE-2023-23535
- CVE-2023-27929
- CVE-2023-27946
- CVE-2023-27957
- CVE-2023-32378
- CVE-2023-28187
- CVE-2023-27941
- CVE-2023-28199
- CVE-2023-23536
- CVE-2023-23514
- CVE-2023-27969
- CVE-2023-27933
- CVE-2023-28200
- CVE-2023-27943
- CVE-2023-23525
- CVE-2023-40383
- CVE-2023-41075
- CVE-2023-28189
- CVE-2023-28197
- CVE-2023-27950
- CVE-2023-27949
- CVE-2023-28182
- CVE-2023-23538
- CVE-2023-27962
- CVE-2023-23523
- CVE-2023-27942
- CVE-2023-32362
- CVE-2023-27952
- CVE-2023-23533
- CVE-2023-28178
- CVE-2023-27966
- CVE-2023-27963
- CVE-2023-23542
- CVE-2023-28192
- CVE-2023-28188
- CVE-2023-0049
- CVE-2023-0051
- CVE-2023-0054
- CVE-2023-0288
- CVE-2023-0433
- CVE-2023-0512
- CVE-2023-32370
- CVE-2023-28198
- CVE-2023-32435
- CVE-2023-27932
- CVE-2023-27954
- CVE-2014-1745
- CVE-2023-32358
- CVE-2023-28201
- CVE-2023-27944
- CVE-2023-23541
- CVE-2023-28185
- CVE-2023-23529
- CVE-2023-23540
- CVE-2023-27959
- CVE-2023-27970
- CVE-2023-23494
- CVE-2023-23528
- CVE-2023-32424
- CVE-2022-46724
- CVE-2023-28194
- CVE-2022-46725
- CVE-2022-46705
Frequently Asked Questions
What is CVE-2023-28198?
CVE-2023-28198 is a use-after-free vulnerability in WebKit that allows arbitrary code execution.
Which software versions are affected by CVE-2023-28198?
CVE-2023-28198 affects iOS versions up to, but not including 16.4, iPadOS versions up to, but not including 16.4, and macOS Ventura versions up to, but not including 13.3.
What is the severity of CVE-2023-28198?
CVE-2023-28198 has a severity rating of 8.8 (high).
How can I fix CVE-2023-28198?
To fix CVE-2023-28198, update your iOS device to version 16.4, iPadOS device to version 16.4, or macOS Ventura device to version 13.3.
Where can I find more information about CVE-2023-28198?
You can find more information about CVE-2023-28198 at the following references: [link1], [link2], [link3].
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- collector/nvd-index
- vendor/apple
- canonical/apple macos ventura
- canonical/apple safari
- canonical/apple ios
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/13.0
- vendor/webkitgtk
- canonical/webkitgtk webkitgtk
- vendor/wpewebkit
- canonical/wpewebkit wpe webkit