Vulnerability details: VCID-erut-jjsw-3bhm
Vulnerability ID VCID-erut-jjsw-3bhm
Aliases CVE-2023-23529
Summary A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23529.json
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2023-23529
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-23529
cvssv3.1 8.8 https://support.apple.com/en-us/HT213633
ssvc Attend https://support.apple.com/en-us/HT213633
cvssv3.1 8.8 https://support.apple.com/en-us/HT213635
ssvc Attend https://support.apple.com/en-us/HT213635
cvssv3.1 8.8 https://support.apple.com/en-us/HT213638
ssvc Attend https://support.apple.com/en-us/HT213638
cvssv3.1 8.8 https://support.apple.com/en-us/HT213673
ssvc Attend https://support.apple.com/en-us/HT213673
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23529.json
https://api.first.org/data/v1/epss?cve=CVE-2023-23529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23529
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2169934 https://bugzilla.redhat.com/show_bug.cgi?id=2169934
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
CVE-2023-23529 https://nvd.nist.gov/vuln/detail/CVE-2023-23529
HT213633 https://support.apple.com/en-us/HT213633
HT213635 https://support.apple.com/en-us/HT213635
HT213638 https://support.apple.com/en-us/HT213638
HT213673 https://support.apple.com/en-us/HT213673
RHSA-2023:0902 https://access.redhat.com/errata/RHSA-2023:0902
RHSA-2023:0903 https://access.redhat.com/errata/RHSA-2023:0903
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
USN-5893-1 https://usn.ubuntu.com/5893-1/
Data source KEV
Date added Feb. 14, 2023
Description Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action Apply updates per vendor instructions.
Due date March 7, 2023
Note
https://support.apple.com/en-us/HT213635, https://support.apple.com/en-us/HT213633, https://support.apple.com/en-us/HT213638;  https://nvd.nist.gov/vuln/detail/CVE-2023-23529
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23529.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23529
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213633
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:21:43Z/ Found at https://support.apple.com/en-us/HT213633
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213635
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:21:43Z/ Found at https://support.apple.com/en-us/HT213635
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213638
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:21:43Z/ Found at https://support.apple.com/en-us/HT213638
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213673
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:21:43Z/ Found at https://support.apple.com/en-us/HT213673
Exploit Prediction Scoring System (EPSS)
Percentile 0.19023
EPSS Score 0.0006
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:40:15.730050+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/5893-1/ 37.0.0