Severity
High
Analysis Summary
CVE-2023-32373 CVSS:8.8
Apple Safari, tvOS, iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-32409 CVSS:6.5
Apple Safari, iOS and iPadOS could allow a remote attacker to bypass security restrictions, caused by a flaw in the WebKit component. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to break out of Web Content sandbox.
Impact
- Code Execution
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-32373
- CVE-2023-32409
Affected Vendors
Apple
Affected Products
- Apple Safari 16.4
- Apple iOS 15.7.5
- Apple iPadOS 15.7.5
- Apple iOS 16.4
- Apple iPadOS 16.4
- Apple tvOS 16.4
Remediation
Refer to Apple security document for patch, upgrade or suggested workaround information.
Apple iOS 16.5 and Apple iPadOS 16.5