Apple Safari vulnerabilities
1,546 known vulnerabilities affecting apple/safari.
Total CVEs: 1,546
CISA KEV: 27 (actively exploited)
Public exploits: 145
Exploited in wild: 21
Severity breakdown
CRITICAL 211 | HIGH 575 | MEDIUM 741 | LOW 19
Vulnerabilities
Page 10 of 78
CVE-2023-41976 | HIGH | CVSS 8.8 | CWE-416 | fixed in 17.1 | ≥ unspecified, < 17.1 | 2023-10-25
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
cvelistv5, nvd
CVE-2023-42852 | HIGH | CVSS 8.8 | fixed in 17.1 | ≥ unspecified, < 17.1 | 2023-10-25
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
cvelistv5, nvd
CVE-2023-41983 | MEDIUM | CVSS 6.5 | CWE-119 | fixed in 17.1 | ≥ unspecified, < 17.1 | 2023-10-25
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.
cvelistv5, nvd
CVE-2023-35074 | HIGH | CVSS 8.8 | fixed in 17.0 | ≥ unspecified, < 17 | 2023-09-27
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
cvelistv5, nvd
CVE-2023-41074 | HIGH | CVSS 8.8 | fixed in 17.0 | ≥ unspecified, < 17 | 2023-09-27
The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
cvelistv5, nvd
CVE-2023-40451 | HIGH | CVSS 8.8 | fixed in 17.0 | ≥ unspecified, < 17 | 2023-09-27
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.
cvelistv5, nvd
CVE-2023-40417 | MEDIUM | CVSS 5.4 | fixed in 17.0 | ≥ unspecified, < 17 | 2023-09-27
A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.
cvelistv5, nvd
CVE-2022-48503 | HIGH | CVSS 8.8 | KEV | CWE-129 | fixed in 15.6 | ≥ unspecified, < 15.6 | 2023-08-14
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
cvelistv5, nvd
CVE-2023-32445 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 16.6 | ≥ unspecified, < 16.6 | 2023-07-28
This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.
cvelistv5, nvd
CVE-2023-38599 | MEDIUM | CVSS 6.5 | fixed in 16.6 | ≥ unspecified, < 16.6 | 2023-07-28
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.
cvelistv5, nvd
CVE-2023-38597 | HIGH | CVSS 8.8 | fixed in 16.6 | ≥ unspecified, < 16.6 | 2023-07-27
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.
cvelistv5, nvd
CVE-2023-38611 | HIGH | CVSS 8.8 | fixed in 16.6 | ≥ unspecified, < 16.6 | 2023-07-27
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
cvelistv5, nvd
CVE-2023-38595 | HIGH | CVSS 8.8 | fixed in 16.6 | ≥ unspecified, < 16.6 | 2023-07-27
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
cvelistv5, nvd
CVE-2023-37450 | HIGH | CVSS 8.8 | KEV | fixed in 16.5.2 | ≥ unspecified, < 16.5 | 2023-07-27
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
cvelistv5, nvd
CVE-2023-38572 | HIGH | CVSS 7.5 | fixed in 16.6 | ≥ unspecified, < 16.6 | 2023-07-27
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.
cvelistv5, nvd
CVE-2023-38594 | HIGH | CVSS 8.8 | fixed in 16.6 | ≥ unspecified, < 16.6 | 2023-07-27
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
cvelistv5, nvd
CVE-2023-38600 | HIGH | CVSS 8.8 | fixed in 16.6 | ≥ unspecified, < 16.6 | 2023-07-27
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
cvelistv5, nvd
CVE-2023-38133 | MEDIUM | CVSS 6.5 | fixed in 16.6 | ≥ unspecified, < 16.6 | 2023-07-27
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.
cvelistv5, nvd
CVE-2023-32409 | HIGH | CVSS 8.6 | KEV | fixed in 16.5 | ≥ unspecified, < 16.5 | 2023-06-23
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
cvelistv5, nvd
CVE-2023-32373 | HIGH | CVSS 8.8 | KEV | CWE-416 | fixed in 16.5 | ≥ unspecified, < 16.5 | 2023-06-23
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively
cvelistv5, nvd