First published: Thu May 18 2023(Updated: )
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: James Duffy (mangoSecure) Kirin @Pwnrin Arsenii Kostromin (0x3c3e) Wenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit CVE-2023-22809 Satish Panduranga Ivan Fratric Google Project ZeroAdam M. Wojciech Regula SecuRingIgnacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty InternationalPan ZhenPeng @Peterpan0927 STAR Labs SG PteGerhard Muth Dimitrios Tatsis Cisco TalosMickey Jin @patch1t Zitong Wu (吴梓桐) Zhuhai NoMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiativehou xuewei vmk msu @p1ay8y3ar CertiK SkyFall Team Pinauten GmbHLinus Henze Pinauten GmbH08Tc3wBB JamfAdam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroJonathan Bar Or MicrosoftAnurag Bohra Microsoft MicrosoftMichael Pearse MicrosoftThijs Alkemade @xnyhps Computest Sector 7Gergely Kalman @gergely_kalman Michael DePlante @izobashi Trend Micro Zero Day InitiativeThijs Alkemade Computest Sector 7Jonathan Fritz Julian Szulc Holger Fuhrmannek Deutsche Telekom Security GmbH on behalf of BSIYiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecuritySergii Kryvoblotskyi MacPaw IncABC Research s.r.o. Google Project ZeroJiwon Park Mohamed GHANNAM @_simo36 Amat Cama Vigilant Labs product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Safari | <16.5 | 16.5 |
Apple iOS | <16.5 | 16.5 |
Apple iPadOS | <16.5 | 16.5 |
Apple macOS | <13.4 | 13.4 |
watchOS | <9.5 | 9.5 |
Apple Safari | <16.5 | |
Apple iPadOS | >=16.0<16.5 | |
Apple iPhone OS | >=16.0<16.5 | |
Apple macOS | >=13.0<13.4 | |
tvOS | <16.5 | |
watchOS | <9.5 | |
tvOS | <16.5 | 16.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2023-32402.
The severity of CVE-2023-32402 is medium with a severity value of 6.5.
CVE-2023-32402 affects Safari 16.5, iOS 16.5, iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, and tvOS 16.5.
CVE-2023-32402 was fixed with improved input validation in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5, and iPadOS 16.5.
Yes, processing web content affected by CVE-2023-32402 may disclose sensitive information.