CVE-2023-32358

Published: Aug 14, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

Affected (3)

Products: Apple: Ipados, Iphone Os, Macos

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	From 16.0 to 16.4
Apple Iphone Os	From 16.0 to 16.4
Apple Macos	From 13.0 to 13.3

Related CWEs

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (4)

https://support.apple.com/en-us/HT213670

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213676

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213670

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213676

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.