Search for vulnerabilities
Vulnerability details: VCID-j9e6-45q8-wqbp
Vulnerability ID VCID-j9e6-45q8-wqbp
Aliases CVE-2023-32373
Summary A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32373.json
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2023-32373
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-32373
cvssv3.1 8.8 https://security.gentoo.org/glsa/202401-04
ssvc Attend https://security.gentoo.org/glsa/202401-04
cvssv3.1 8.8 https://support.apple.com/en-us/HT213757
ssvc Attend https://support.apple.com/en-us/HT213757
cvssv3.1 8.8 https://support.apple.com/en-us/HT213758
ssvc Attend https://support.apple.com/en-us/HT213758
cvssv3.1 8.8 https://support.apple.com/en-us/HT213761
ssvc Attend https://support.apple.com/en-us/HT213761
cvssv3.1 8.8 https://support.apple.com/en-us/HT213762
ssvc Attend https://support.apple.com/en-us/HT213762
cvssv3.1 8.8 https://support.apple.com/en-us/HT213764
ssvc Attend https://support.apple.com/en-us/HT213764
cvssv3.1 8.8 https://support.apple.com/en-us/HT213765
ssvc Attend https://support.apple.com/en-us/HT213765
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32373.json
https://api.first.org/data/v1/epss?cve=CVE-2023-32373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32373
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
202401-04 https://security.gentoo.org/glsa/202401-04
2209214 https://bugzilla.redhat.com/show_bug.cgi?id=2209214
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVE-2023-32373 https://nvd.nist.gov/vuln/detail/CVE-2023-32373
HT213757 https://support.apple.com/en-us/HT213757
HT213758 https://support.apple.com/en-us/HT213758
HT213761 https://support.apple.com/en-us/HT213761
HT213762 https://support.apple.com/en-us/HT213762
HT213764 https://support.apple.com/en-us/HT213764
HT213765 https://support.apple.com/en-us/HT213765
RHSA-2023:3432 https://access.redhat.com/errata/RHSA-2023:3432
RHSA-2023:3433 https://access.redhat.com/errata/RHSA-2023:3433
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
USN-6264-1 https://usn.ubuntu.com/6264-1/
Data source KEV
Date added May 22, 2023
Description Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action Apply updates per vendor instructions.
Due date June 12, 2023
Note 
https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765; https://nvd.nist.gov/vuln/detail/CVE-2023-32373
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32373.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-32373
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202401-04
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:25:28Z/ Found at https://security.gentoo.org/glsa/202401-04
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213757
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:25:28Z/ Found at https://support.apple.com/en-us/HT213757
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213758
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:25:28Z/ Found at https://support.apple.com/en-us/HT213758
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213761
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:25:28Z/ Found at https://support.apple.com/en-us/HT213761
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213762
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:25:28Z/ Found at https://support.apple.com/en-us/HT213762
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:25:28Z/ Found at https://support.apple.com/en-us/HT213764
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213765
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:25:28Z/ Found at https://support.apple.com/en-us/HT213765
Exploit Prediction Scoring System (EPSS)
Percentile 0.01507
EPSS Score 0.00013
Published At Aug. 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:43:50.156179+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6264-1/ 37.0.0