Vulnerability details: VCID-dyz6-snjj-aaad
Vulnerability ID VCID-dyz6-snjj-aaad
Aliases CVE-2023-23529
Summary A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23529.json
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
epss 0.00243 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-23529
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-23529
cvssv3.1 8.8 https://support.apple.com/en-us/HT213633
ssvc Attend https://support.apple.com/en-us/HT213633
cvssv3.1 8.8 https://support.apple.com/en-us/HT213635
ssvc Attend https://support.apple.com/en-us/HT213635
cvssv3.1 8.8 https://support.apple.com/en-us/HT213638
ssvc Attend https://support.apple.com/en-us/HT213638
cvssv3.1 8.8 https://support.apple.com/en-us/HT213673
ssvc Attend https://support.apple.com/en-us/HT213673
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23529.json
https://api.first.org/data/v1/epss?cve=CVE-2023-23529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23529
http://seclists.org/fulldisclosure/2023/Mar/20
http://seclists.org/fulldisclosure/2023/May/7
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/202305-32
https://support.apple.com/en-us/HT213633
https://support.apple.com/en-us/HT213635
https://support.apple.com/en-us/HT213638
https://support.apple.com/en-us/HT213673
2169934 https://bugzilla.redhat.com/show_bug.cgi?id=2169934
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
CVE-2023-23529 https://nvd.nist.gov/vuln/detail/CVE-2023-23529
RHSA-2023:0902 https://access.redhat.com/errata/RHSA-2023:0902
RHSA-2023:0903 https://access.redhat.com/errata/RHSA-2023:0903
USN-5893-1 https://usn.ubuntu.com/5893-1/
Data source KEV
Date added Feb. 14, 2023
Description Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action Apply updates per vendor instructions.
Due date March 7, 2023
Note https://support.apple.com/en-us/HT213635, https://support.apple.com/en-us/HT213633, https://support.apple.com/en-us/HT213638; https://nvd.nist.gov/vuln/detail/CVE-2023-23529
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23529.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23529
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213633
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:21:43Z/ Found at https://support.apple.com/en-us/HT213633
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213635
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:21:43Z/ Found at https://support.apple.com/en-us/HT213635
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213638
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:21:43Z/ Found at https://support.apple.com/en-us/HT213638
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213673
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:21:43Z/ Found at https://support.apple.com/en-us/HT213673
Exploit Prediction Scoring System (EPSS)
Percentile 0.05942
EPSS Score 0.00032
Published At April 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.