← Retour aux CVEs

CVE-2023-43000

HIGHCISA KEV

8.8

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

Details CVE

Score CVSS v3.18.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie11/5/2025

Derniere modification3/12/2026

Sourcekev

Observations honeypot0

CISA KEV

FournisseurApple

ProduitMultiple Products

Nom vulnerabiliteApple Multiple products Use-After-Free Vulnerability

Date ajout KEV2026-03-05

Date limite remediation2026-03-26

Utilise dans ransomwareUnknown

Produits affectes

apple:ipadosapple:iphone_osapple:macosapple:safari

Faiblesses (CWE)

CWE-416CWE-416

References

https://support.apple.com/en-us/120324(product-security@apple.com)

https://support.apple.com/en-us/120331(product-security@apple.com)

https://support.apple.com/en-us/120338(product-security@apple.com)

https://support.apple.com/en-us/126632(product-security@apple.com)

https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.