CVE-2023-28205
Published Apr 10, 2023
Last updated 6 months ago
- Description
- A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Source
- product-security@apple.com
- NVD status
- Analyzed
- Products
- safari, ipados, iphone_os, macos
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Apple Multiple Products WebKit Use-After-Free Vulnerability
- Exploit added on
- Apr 10, 2023
- Exploit action due
- May 1, 2023
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
🚨 [HIGH] Active exploitation detected: CVE-2023-28205 Exploit in the wild confirmed for CVE-2023-28205 (CVSS null). Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that ... 🔗 https://t.co/RZBhpWnHFz #ZeroDay #ExploitInWild #CyberSecurity
@ctiwatchcloud
13 Apr 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The webkit "CVE-2023-28205" poc code triggers a uaf vulnerability by delaying the addition of Map and Date objects to let the GC free them, potentially leading to accessing freed objects and causing memory corruption or exploits.
@ntfargo
1 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-0012 2 - CVE-2023-28205 3 - CVE-2024-52443 4 - CVE-2024-49019 5 - CVE-2024-11477 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
1 Dec 2024
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
► ntfargo uaf webkit vulnerability can be tested here: https://t.co/AN4C1lKHH4 ► CVE-2023-28205, his vulnerability can be exploited through maliciously crafted web content, enabling attackers to execute arbitrary code. ► works on PS5 6.xx & 7.xx ► https://t.co/q9aOUmh2uo
@BrutalSam_
1 Dec 2024
3750 Impressions
10 Retweets
69 Likes
3 Bookmarks
3 Replies
0 Quotes
PS5 Update CVE-2023-28205 New WebKit vulnerability useful for firmware 7... https://t.co/tZY4oBLUW1 via @YouTube
@RobinsonPauli18
1 Dec 2024
1834 Impressions
1 Retweet
36 Likes
0 Bookmarks
3 Replies
0 Quotes
Nathan Fargo +PS5+ ? CVE-2023-28205 "Esta vulnerabilidad de WebKit parece ser útil para el firmware 7.61 y versiones anteriores" ? Incibe:https://t.co/CxicDjGC3K Github:https://t.co/UfSbNDd2dK Test: -https://t.co/RFVCvRHUUC Agradecimientos: -@ntfargo
@TeRex777_
30 Nov 2024
3761 Impressions
3 Retweets
41 Likes
2 Bookmarks
2 Replies
1 Quote
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22BA2E4E-2C6C-47A8-810E-A67D1E8ABA88",
"versionEndExcluding": "16.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "968ADFDD-5716-4F75-BCA2-DD8486ED9618",
"versionEndExcluding": "15.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1711DE-4691-42B7-8661-51B11C3E5B98",
"versionEndExcluding": "16.4.1",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26F1A4-8813-40E4-B939-AFC1F75953CC",
"versionEndExcluding": "15.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96B6C1F1-6F18-43F9-83B6-58A214525B72",
"versionEndExcluding": "16.4.1",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39C8733E-1512-47A9-BC06-73276A0EFAF7",
"versionEndExcluding": "13.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]