CVE-2023-32359
Published 2023-10-25
Priority P3 · 37 · high · CVSS 3.1: 7.5
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:N · A:N
EPSS: 0.95% (56.9th percentile)
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.7.2_and_ipados | — | — |
| apple | ios_17_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 16.7 | 16.7 |
| apple | ipados | < 16.7.2 | 16.7.2 |
| apple | iphone_os | < 16.7.2 | 16.7.2 |
| apple | macos_sonoma | — | — |
| debian | webkit2gtk | < webkit2gtk 2.42.1-1~deb12u1 (bookworm) | webkit2gtk 2.42.1-1~deb12u1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.42.1-1~deb12u1 (bookworm) | webkit2gtk 2.42.1-1~deb12u1 (bookworm) |
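CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |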
Red Hat
webkitgtk: User password may be read aloud by a text-to-speech accessibility feature
vendor_redhat·2023-11-15·CVSS 7.5
CVE-2023-32359 [HIGH] webkitgtk: User password may be read aloud by a text-to-speech accessibility feature
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.
A flaw was found in webkitgtk where a user’s password may be read aloud by a text-to-speech accessibility feature.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Apple
CVE-2023-32359: iOS 16.7.2 and iPadOS 16.7.2
vendor_apple·2023-10-25·CVSS 7.5
CVE-2023-32359 [HIGH] CVE-2023-32359: iOS 16.7.2 and iPadOS 16.7.2
Apple Security Update: About the security content of iOS 16.7.2 and iPadOS 16.7.2
Product: iOS 16.7.2 and iPadOS
Version: 16.7.2
CVE: CVE-2023-32359
Component: WebKit
Impact: A user's password may be read aloud by VoiceOver
Description: This issue was addressed with improved redaction of sensitive information.
Apple
CVE-2023-32359: macOS Sonoma 14
vendor_apple·2023-09-26·CVSS 7.5
CVE-2023-32359 [HIGH] CVE-2023-32359: macOS Sonoma 14
Apple Security Update: About the security content of macOS Sonoma 14
Product: macOS Sonoma
Version: 14
CVE: CVE-2023-32359
Component: WebKit
Impact: A user's password may be read aloud by VoiceOver
Description: This issue was addressed with improved redaction of sensitive information.
Apple
CVE-2023-32359: iOS 17 and iPadOS 17
vendor_apple·2023-09-18·CVSS 7.5
CVE-2023-32359 [HIGH] CVE-2023-32359: iOS 17 and iPadOS 17
Apple Security Update: About the security content of iOS 17 and iPadOS 17
Product: iOS 17 and iPadOS
Version: 17
CVE: CVE-2023-32359
Component: WebKit
Impact: A user's password may be read aloud by VoiceOver
Description: This issue was addressed with improved redaction of sensitive information.
Debian
CVE-2023-32359: webkit2gtk - This issue was addressed with improved redaction of sensitive information. This ...
vendor_debian·2023·CVSS 7.5
CVE-2023-32359 [HIGH] CVE-2023-32359: webkit2gtk - This issue was addressed with improved redaction of sensitive information. This ...
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.
Scope: local
bookworm: resolved (fixed in 2.42.1-1~deb12u1)
bullseye: resolved (fixed in 2.42.1-1~deb11u1)
forky: resolved (fixed in 2.42.0-1)
sid: resolved (fixed in 2.42.0-1)
trixie: resolved (fixed in 2.42.0-1)
GHSA
GHSA-m58q-xcxc-4q6h: This issue was addressed with improved redaction of sensitive information
ghsa_unreviewed·2023-10-25
CVE-2023-32359 [HIGH] GHSA-m58q-xcxc-4q6h: This issue was addressed with improved redaction of sensitive information
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.
OSV
CVE-2023-32359: This issue was addressed with improved redaction of sensitive information
osv·2023-10-25·CVSS 7.5
CVE-2023-32359 [HIGH] CVE-2023-32359: This issue was addressed with improved redaction of sensitive information
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2023/Oct/23
http://www.openwall.com/lists/oss-security/2023/11/15/1
https://security.gentoo.org/glsa/202401-33
https://support.apple.com/en-us/HT213981
Published: 2023-10-25