PT-2023-2613 · Apple+8 · Ios+13

Clément Lecigne

+1

·

Published

2023-04-07

·

Updated

2026-04-13

·

CVE-2023-28205

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Safari versions prior to 16.4.1 iOS versions prior to 15.7.5 and prior to 16.4.1 iPadOS versions prior to 15.7.5 and prior to 16.4.1 macOS Ventura versions prior to 13.3.1
Description A use after free issue was addressed with improved memory management. This issue may lead to arbitrary code execution when processing maliciously crafted web content. Apple is aware of a report that this issue may have been actively exploited.
Recommendations Update Safari to version 16.4.1 or later. Update iOS to version 15.7.5 or 16.4.1 or later. Update iPadOS to version 15.7.5 or 16.4.1 or later. Update macOS Ventura to version 13.3.1 or later. As a temporary workaround, consider restricting access to malicious web content to minimize the risk of exploitation.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2023:1918
ALSA-2023:1919
ALSA-2023:2653
ALSA-2023:3108
ALSA-2023_1918
ALSA-2023_1919
BDU:2023-02452
CESA-2023_1919
CVE-2023-28205
DLA-3419-1
DSA-5396-1
DSA-5396-2
DSA-5397-1
ELSA-2023-1918
ELSA-2023-1919
MGASA-2023-0177
RHSA-2023:1918
RHSA-2023:1919
RHSA-2023_1918
RHSA-2023_1919
RHSA-2025:10364
RLSA-2023:1918
RLSA-2023:1919
RLSA-2023_1918
SUSE-SU-2023:2056-1
SUSE-SU-2023:2065-1
SUSE-SU-2023:2077-1
SUSE-SU-2023:2078-1
SUSE-SU-2023_2056-1
SUSE-SU-2023_2065-1
SUSE-SU-2023_2077-1
SUSE-SU-2023_2078-1
USN-6061-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Webkit
Ios
Ipados
Macos Ventura