← Back

CVE-2023-28205

nvd nist
Published: Apr 10, 2023Modified: Oct 23, 2025CISA KEV

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Affected (6)

Apple
4 products
Ipados
Iphone Os
Macos
Safari
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Ipados
Before 15.7.5
Ipados
From 16.0 to 16.4.1
Apple
Iphone Os
Before 15.7.5
Iphone Os
From 16.0 to 16.4.1
Macos
Before 13.3.1
Safari
Before 16.4.1

Related CWEs

CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (9)

Source: product-security@apple.com
Release Notes
Source: product-security@apple.com
Release Notes
Source: product-security@apple.com
Release Notes
Source: product-security@apple.com
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.