← Volver a CVEs

CVE-2023-43000

HIGHCISA KEV

8.8

Descripcion

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

Detalles CVE

Puntuacion CVSS v3.18.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado11/5/2025

Ultima modificacion3/12/2026

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorApple

ProductoMultiple Products

Nombre vulnerabilidadApple Multiple products Use-After-Free Vulnerability

Fecha inclusion KEV2026-03-05

Fecha limite remediacion2026-03-26

Uso en ransomwareUnknown

Productos afectados

apple:ipadosapple:iphone_osapple:macosapple:safari

Debilidades (CWE)

CWE-416CWE-416

Referencias

https://support.apple.com/en-us/120324(product-security@apple.com)

https://support.apple.com/en-us/120331(product-security@apple.com)

https://support.apple.com/en-us/120338(product-security@apple.com)

https://support.apple.com/en-us/126632(product-security@apple.com)

https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.