CVE-2023-28205: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2023-05-01

Exploited in the wild

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	ios_15.7.5_and_ipados	—	—
apple	ios_16.4.1_and_ipados	—	—
apple	ios_and_ipados	>= unspecified < 15.7	15.7
apple	ios_and_ipados	>= unspecified < 16.4	16.4
apple	ipados	< 15.7.5	15.7.5
apple	ipados	>= 16.0 < 16.4.1	16.4.1
apple	iphone_os	< 15.7.5	15.7.5
apple	iphone_os	>= 16.0 < 16.4.1	16.4.1
apple	macos	< 13.3.1	13.3.1
apple	macos	>= unspecified < 13.3	13.3
apple	macos_ventura	—	—
apple	safari	< 16.4.1	16.4.1
apple	safari	—	—
apple	safari	>= unspecified < 16.4	16.4
debian	webkit2gtk	< webkit2gtk 2.40.1-1 (bookworm)	webkit2gtk 2.40.1-1 (bookworm)
debian	webkit2gtk	—	—
debian	wpewebkit	< webkit2gtk 2.40.1-1 (bookworm)	webkit2gtk 2.40.1-1 (bookworm)
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_tus	—	—
webkitgtk	webkit2gtk3	—	—

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv8.8HIGH

vulncheck8.8HIGH

cisa8.8HIGH