⚠ Actively exploited
Added to CISA KEV on 2023-05-22. Federal agencies required to patch by 2023-06-12. Required action: Apply updates per vendor instructions..

CVE-2023-32409Protection Mechanism Failure in Apple IOS AND Ipados

CWE-693Protection Mechanism Failure14 documents9 sources
Severity
8.6HIGHNVD
EPSS
0.3%
top 44.13%
CISA KEV
KEV
Added 2023-05-22
Due 2023-06-12
Exploit
Exploited in wild
Active exploitation observed
Affected products
7
Apple IOS AND IpadosApple MacosApple Safari+4 more
Timeline
KEV addedMay 22
KEV dueJun 12
PublishedJun 23
Latest updateJul 24
CISA Required Action: Apply updates per vendor instructions.

Description

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages11 packages

NVDapple/ipados15.015.7.8+1
CVEListV5apple/ios_and_ipadosunspecified15.7+1
CVEListV5apple/tvosunspecified16.5
NVDapple/tvos< 16.5
CVEListV5apple/macosunspecified13.4

🔴Vulnerability Details

4
GHSA
GHSA-hwfm-xf3j-ph3g: The issue was addressed with improved bounds checks2023-06-23
CVEList
CVE-2023-32409: The issue was addressed with improved bounds checks2023-06-23
OSV
CVE-2023-32409: The issue was addressed with improved bounds checks2023-06-23
VulnCheck
Apple Multiple Products WebKit Sandbox Escape Vulnerability2023

📋Vendor Advisories

9
Apple
CVE-2023-32409: iOS 15.7.8 and iPadOS 15.7.82023-07-24
Red Hat
webkitgtk: remote attacker may be able to break out of the Web Content sandbox2023-05-22
CISA
Apple Multiple Products WebKit Sandbox Escape Vulnerability2023-05-22
Apple
CVE-2023-32409: watchOS 9.52023-05-18
Apple
CVE-2023-32409: iOS 16.5 and iPadOS 16.52023-05-18
CVE-2023-32409 — Protection Mechanism Failure in Apple | cvebase