← Volver a CVEs

CVE-2023-28204

MEDIUMCISA KEV

6.5

Descripcion

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.

Detalles CVE

Puntuacion CVSS v3.16.5

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado6/23/2023

Ultima modificacion10/23/2025

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorApple

ProductoMultiple Products

Nombre vulnerabilidadApple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Fecha inclusion KEV2023-05-22

Fecha limite remediacion2023-06-12

Uso en ransomwareUnknown

Productos afectados

apple:ipadosapple:iphone_osapple:macosapple:safariapple:tvosapple:watchoswebkitgtk:webkitgtk\+

Debilidades (CWE)

CWE-125CWE-125

Referencias

https://security.gentoo.org/glsa/202401-04(product-security@apple.com)

https://support.apple.com/en-us/HT213757(product-security@apple.com)

https://support.apple.com/en-us/HT213758(product-security@apple.com)

https://support.apple.com/en-us/HT213761(product-security@apple.com)

https://support.apple.com/en-us/HT213762(product-security@apple.com)

https://support.apple.com/en-us/HT213764(product-security@apple.com)

https://support.apple.com/en-us/HT213765(product-security@apple.com)

https://security.gentoo.org/glsa/202401-04(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213757(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213758(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213761(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213762(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213764(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213765(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28204(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.