PT-2023-2613 · Apple+8 · Ios+13

Clément Lecigne

+1

·

Publicado

2023-04-07

·

Atualizado

2026-04-13

·

CVE-2023-28205

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Safari versions prior to 16.4.1 iOS versions prior to 15.7.5 and prior to 16.4.1 iPadOS versions prior to 15.7.5 and prior to 16.4.1 macOS Ventura versions prior to 13.3.1
Description A use after free issue was addressed with improved memory management. This issue may lead to arbitrary code execution when processing maliciously crafted web content. Apple is aware of a report that this issue may have been actively exploited.
Recommendations Update Safari to version 16.4.1 or later. Update iOS to version 15.7.5 or 16.4.1 or later. Update iPadOS to version 15.7.5 or 16.4.1 or later. Update macOS Ventura to version 13.3.1 or later. As a temporary workaround, consider restricting access to malicious web content to minimize the risk of exploitation.

Exploit

Correção

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2023:1918
ALSA-2023:1919
ALSA-2023:2653
ALSA-2023:3108
ALSA-2023_1918
ALSA-2023_1919
BDU:2023-02452
CESA-2023_1919
CVE-2023-28205
DLA-3419-1
DSA-5396-1
DSA-5396-2
DSA-5397-1
ELSA-2023-1918
ELSA-2023-1919
MGASA-2023-0177
RHSA-2023:1918
RHSA-2023:1919
RHSA-2023_1918
RHSA-2023_1919
RHSA-2025:10364
RLSA-2023:1918
RLSA-2023:1919
RLSA-2023_1918
SUSE-SU-2023:2056-1
SUSE-SU-2023:2065-1
SUSE-SU-2023:2077-1
SUSE-SU-2023:2078-1
SUSE-SU-2023_2056-1
SUSE-SU-2023_2065-1
SUSE-SU-2023_2077-1
SUSE-SU-2023_2078-1
USN-6061-1

Produtos afetados

Almalinux
Astra Linux
Centos
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Webkit
Ios
Ipados
Macos Ventura