ByteOS Network

NVD Vulnerability Details :

CVE-2023-32409

Analyzed

Source-product-security@apple.com

View Known Exploited Vulnerability (KEV) details

Published At-23 Jun, 2023 | 18:15

Updated At-13 Jan, 2026 | 22:23

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2023-05-22	2023-06-12	Apple Multiple Products WebKit Sandbox Escape Vulnerability	Apply updates per vendor instructions.

Date Added: 2023-05-22

Due Date: 2023-06-12

Vulnerability Name: Apple Multiple Products WebKit Sandbox Escape Vulnerability

Required Action: Apply updates per vendor instructions.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Secondary	3.1	8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Type: Primary

Version: 3.1

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CPE Matches

Apple Inc.

>>safari>>Versions before 16.5(exclusive)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Apple Inc.

>>ipados>>Versions from 15.0(inclusive) to 15.7.8(exclusive)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Apple Inc.

>>ipados>>Versions from 16.0(inclusive) to 16.5(exclusive)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions from 15.0(inclusive) to 15.7.8(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions from 16.0(inclusive) to 16.5(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>macos>>Versions from 13.0(inclusive) to 13.4(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Apple Inc.

>>tvos>>Versions before 16.5(exclusive)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Apple Inc.

>>watchos>>Versions before 9.5(exclusive)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://support.apple.com/en-us/HT213757	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT213758	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT213761	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT213762	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT213764	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT213842	product-security@apple.com	Vendor Advisory
https://support.apple.com/en-us/HT213757	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT213758	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT213761	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT213762	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT213764	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/en-us/HT213842	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32409	134c704f-9b21-4f2e-91b3-4a467353bcc0	US Government Resource