CVE-2023-23529 - OpenCVE

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Safari Macos Ipados

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::

References

Link	Resource
https://support.apple.com/en-us/HT213633	Vendor Advisory
https://support.apple.com/en-us/HT213635	Vendor Advisory
https://support.apple.com/en-us/HT213638	Vendor Advisory
https://support.apple.com/en-us/HT213673

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2023-02-27T00:00:00

Updated: 2023-07-27T03:45:37.183Z

Reserved: 2023-01-12T00:00:00

Link: CVE-2023-23529

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-27T20:15:14.710

Modified: 2023-07-27T04:15:15.413

Link: CVE-2023-23529

JSON object: View

Redhat Information

No data.

CWE

CWE-843

{"cisaActionDue": "2023-03-07", "cisaExploitAdd": "2023-02-14", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apple Multiple Products WebKit Type Confusion Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "99403ED1-F1EB-4E71-8937-DC09A226D520", "versionEndExcluding": "16.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5B28D85-E3A2-4118-A63D-C6D4BB0BDE3A", "versionEndExcluding": "16.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D2380DB-BDAF-461E-8200-1AE8044F618F", "versionEndExcluding": "16.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B40AA062-1B77-4AA0-B1ED-1E91761BC417", "versionEndExcluding": "13.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}], "id": "CVE-2023-23529", "lastModified": "2023-07-27T04:15:15.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-27T20:15:14.710", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213633"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213635"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213638"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT213673"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}]}