Lucene search

K

CISACISA-KEV-CVE-2023-32435

HistoryJun 23, 2023 - 12:00 a.m.

Apple Multiple Products WebKit Memory Corruption Vulnerability

2023-06-2300:00:00

CISA

www.cisa.gov

38

apple

webkit

memory corruption

vulnerability

code execution

web content

html parsing

safari

macos

ios

ipados

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

54.2%

Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

54.2%

Related for CISA-KEV-CVE-2023-32435

cve1 ubuntucve1 osv7 attackerkb1 nvd1 prion1 cvelist1 redhatcve2 debiancve1 talosblog1 almalinux2 nessus18 oraclelinux2 thn5 openvas10 rocky2 malwarebytes1 amazon1 apple4 mageia1 redhat2 securelist1 schneier1 ubuntu1