CVE-2023-28204

Name of the Vulnerable Software and Affected Versions Apple WebKit versions prior to watchOS 9.5 Apple WebKit versions prior to tvOS 16.5 Apple WebKit versions prior to macOS Ventura 13.4 Apple WebKit versions prior to iOS 15.7.6 Apple WebKit versions prior to iPadOS 15.7.6 Apple WebKit versions prior to Safari 16.5 Apple WebKit versions prior to iOS 16.5 Apple WebKit versions prior to iPadOS 16.5

Description The issue is related to an out-of-bounds read in the WebKit module, which may allow a remote attacker to disclose sensitive information using a specially crafted web page. Apple is aware of a report that this issue may have been actively exploited. The problem is caused by a RegExpGlobalData::performMatch issue leading to an out-of-bounds read.

Recommendations For watchOS versions prior to 9.5, update to watchOS 9.5 or later. For tvOS versions prior to 16.5, update to tvOS 16.5 or later. For macOS Ventura versions prior to 13.4, update to macOS Ventura 13.4 or later. For iOS versions prior to 15.7.6, update to iOS 15.7.6 or later. For iPadOS versions prior to 15.7.6, update to iPadOS 15.7.6 or later. For Safari versions prior to 16.5, update to Safari 16.5 or later. For iOS versions prior to 16.5, update to iOS 16.5 or later. For iPadOS versions prior to 16.5, update to iPadOS 16.5 or later.