CVE-2023-40403 — Sensitive Information Exposure in Apple IOS AND Ipados

CWE-200 — Sensitive Information Exposure13 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 66.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +10 more

Timeline

PublishedSep 27

Latest updateJun 26

Description

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages18 packages

▶Appleapple/macos_sonoma14

▶Appleapple/macos_ventura13.6

▶Appleapple/macos_monterey12.7

▶CVEListV5apple/macosunspecified — 12.7+2

▶NVDapple/macos12.0.0 — 12.7+1

🔴Vulnerability Details

OSV

CVE-2023-40403: The issue was addressed with improved memory handling↗2023-09-27

▶

GHSA

GHSA-j822-w26r-9cxf: The issue was addressed with improved memory handling↗2023-09-27

▶

📋Vendor Advisories

Ubuntu

libxslt vulnerability↗2025-06-26

▶

Apple

CVE-2023-40403: macOS Sonoma 14↗2023-09-26

▶

Red Hat

libxslt: Processing web content may disclose sensitive information↗2023-09-26

▶

Apple

CVE-2023-40403: macOS Ventura 13.6↗2023-09-21

▶

Apple

CVE-2023-40403: iOS 16.7 and iPadOS 16.7↗2023-09-21

▶