First published: Mon Mar 27 2023
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/webkit2gtk | <2.40.0 | 2.40.0 |
ubuntu/webkit2gtk | <2.40.4-0ubuntu0.22.04.1 | 2.40.4-0ubuntu0.22.04.1 |
Apple Safari | <16.4 | 16.4 |
debian/webkit2gtk | <=2.36.4-1~deb10u1 <=2.38.6-0+deb10u1 | 2.42.2-1~deb11u1 2.42.5-1~deb11u1 2.42.2-1~deb12u1 2.42.5-1~deb12u1 2.42.5-1 |
debian/wpewebkit | <=2.38.6-1~deb11u1 <=2.38.6-1 | 2.42.5-1 2.42.5-1.1 |
Apple Safari | <16.4 | |
Apple iPadOS | <15.7.7 | |
Apple iPadOS | >=16.0 <16.4 | |
Apple iPhone OS | <15.7.7 | |
Apple iPhone OS | >=16.0 <16.4 | |
Apple macOS | >=13.0 <13.3 | |
Apple macOS Ventura | <13.3 | 13.3 |
Apple iOS | <16.4 | 16.4 |
Apple iPadOS | <16.4 | 16.4 |
Apple Multiple Products | | |
The severity of CVE-2023-32435 is rated as high with a severity value of 8.8.
CVE-2023-32435 affects Apple Multiple Products, Apple iOS, Apple iPadOS, and Apple Safari.
To fix CVE-2023-32435, update to the patched versions of the affected software: macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4.
CVE-2023-32435 can lead to arbitrary code execution when processing web content.
You can find more information about CVE-2023-32435 on Apple's official security advisory: https://support.apple.com/en-us/HT213670