← Voltar para CVEs

CVE-2023-43000

HIGHCISA KEV

8.8

Descricao

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

Detalhes CVE

Pontuacao CVSS v3.18.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado11/5/2025

Ultima modificacao3/12/2026

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorApple

ProdutoMultiple Products

Nome da vulnerabilidadeApple Multiple products Use-After-Free Vulnerability

Data inclusao KEV2026-03-05

Prazo de remediacao2026-03-26

Uso em ransomwareUnknown

Produtos afetados

apple:ipadosapple:iphone_osapple:macosapple:safari

Fraquezas (CWE)

CWE-416CWE-416

Referencias

https://support.apple.com/en-us/120324(product-security@apple.com)

https://support.apple.com/en-us/120331(product-security@apple.com)

https://support.apple.com/en-us/120338(product-security@apple.com)

https://support.apple.com/en-us/126632(product-security@apple.com)

https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.