← Back to CVEs

CVE-2023-43000

HIGHCISA KEV

8.8

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

CVE Details

CVSS v3.1 Score8.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published11/5/2025

Last Modified3/12/2026

Sourcekev

Honeypot Sightings0

CISA KEV

VendorApple

ProductMultiple Products

Vulnerability NameApple Multiple products Use-After-Free Vulnerability

KEV Date Added2026-03-05

Remediation Due Date2026-03-26

Ransomware UseUnknown

Affected Products

apple:ipadosapple:iphone_osapple:macosapple:safari

Weaknesses (CWE)

CWE-416CWE-416

References

https://support.apple.com/en-us/120324(product-security@apple.com)

https://support.apple.com/en-us/120331(product-security@apple.com)

https://support.apple.com/en-us/120338(product-security@apple.com)

https://support.apple.com/en-us/126632(product-security@apple.com)

https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.