← Voltar para CVEs

CVE-2023-28204

MEDIUMCISA KEV

6.5

Descricao

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.

Detalhes CVE

Pontuacao CVSS v3.16.5

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado6/23/2023

Ultima modificacao10/23/2025

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorApple

ProdutoMultiple Products

Nome da vulnerabilidadeApple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Data inclusao KEV2023-05-22

Prazo de remediacao2023-06-12

Uso em ransomwareUnknown

Produtos afetados

apple:ipadosapple:iphone_osapple:macosapple:safariapple:tvosapple:watchoswebkitgtk:webkitgtk\+

Fraquezas (CWE)

CWE-125CWE-125

Referencias

https://security.gentoo.org/glsa/202401-04(product-security@apple.com)

https://support.apple.com/en-us/HT213757(product-security@apple.com)

https://support.apple.com/en-us/HT213758(product-security@apple.com)

https://support.apple.com/en-us/HT213761(product-security@apple.com)

https://support.apple.com/en-us/HT213762(product-security@apple.com)

https://support.apple.com/en-us/HT213764(product-security@apple.com)

https://support.apple.com/en-us/HT213765(product-security@apple.com)

https://security.gentoo.org/glsa/202401-04(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213757(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213758(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213761(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213762(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213764(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213765(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28204(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.