⚠ Actively exploited
Added to CISA KEV on 2023-05-22. Federal agencies required to patch by 2023-06-12. Required action: Apply updates per vendor instructions..
CVE-2023-32373 — Use After Free in Apple IOS AND Ipados
Severity
8.8HIGHNVD
EPSS
0.0%
top 87.24%
CISA KEV
KEV
Added 2023-05-22
Due 2023-06-12
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
KEV addedMay 22
KEV dueJun 12
PublishedJun 23
Latest updateJul 31
CISA Required Action: Apply updates per vendor instructions.
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages12 packages
Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0
🔴Vulnerability Details
4CVEList
▶
GHSA▶
GHSA-3x5r-c923-f923: A use-after-free issue was addressed with improved memory management↗2023-06-23