CVE-2023-28201 — Race Condition in Apple IOS AND Ipados

CWE-362 — Race Condition8 documents4 sources

Severity

9.8CRITICALNVD

EPSS

2.9%

top 13.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Safari +3 more

Timeline

PublishedMay 8

Description

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDapple/ipados16.0 — 16.4+1

▶CVEListV5apple/ios_and_ipadosunspecified — 16.4+1

▶CVEListV5apple/tvosunspecified — 16.4

▶CVEListV5apple/macosunspecified — 13.3

▶NVDapple/macos13.0 — 13.3

🔴Vulnerability Details

GHSA

GHSA-c8hj-7v4h-6ccv: This issue was addressed with improved state management↗2023-05-08

▶

CVEList

CVE-2023-28201: This issue was addressed with improved state management↗2023-05-08

▶

📋Vendor Advisories

Apple

CVE-2023-28201: Safari 16.4↗2023-03-27

▶

Apple

CVE-2023-28201: iOS 16.4 and iPadOS 16.4↗2023-03-27

▶

Apple

CVE-2023-28201: macOS Ventura 13.3↗2023-03-27

▶

Apple

CVE-2023-28201: iOS 15.7.4 and iPadOS 15.7.4↗2023-03-27

▶

Apple

CVE-2023-28201: tvOS 16.4↗2023-03-27

▶