CVE-2023-23498 — Code Injection in Apple IOS AND Ipados

CWE-94 — Code Injection7 documents5 sources

Severity

3.3LOWNVD

GHSA8.8

EPSS

0.1%

top 66.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Ipados +6 more

Timeline

PublishedFeb 27

Latest updateJan 14

Description

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages10 packages

▶NVDapple/ipados16.0 — 16.3+1

▶CVEListV5apple/ios_and_ipadosunspecified — 16.3+1

▶Appleapple/macos_ventura13.2

▶Appleapple/ios_16.3_and_ipados16.3

▶Appleapple/ios_15.7.3_and_ipados15.7.3

🔴Vulnerability Details

GHSA

Shopware Has Improper Control of Generation of Code in Twig rendered views↗2026-01-14

▶

GHSA

GHSA-59mr-vp8c-2fgm: A logic issue was addressed with improved state management↗2023-02-27

▶

📋Vendor Advisories

Apple

CVE-2023-23498: iOS 15.7.3 and iPadOS 15.7.3↗2023-01-23

▶

Apple

CVE-2023-23498: macOS Ventura 13.2↗2023-01-23

▶

Apple

CVE-2023-23498: iOS 16.3 and iPadOS 16.3↗2023-01-23

▶