CVE-2023-23529

Published on: Not Yet Published

Last Modified on: 03/28/2023 05:15:00 AM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of iPadOS from Apple contain the following vulnerability:

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

  • CVE-2023-23529 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: Apple - iOS and iPadOS version < 16.3
  • Affected Vendor/Software: Apple - Safari version < 16.3
  • Affected Vendor/Software: Apple - macOS version < 13.2

CVSS3 Score: 8.8 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVE References

  • MISC: About the security content of iOS 16.3.1 and iPadOS 16.3.1 - Apple Support - support.apple.com/en-us/HT213635
  • FULLDISC: Full Disclosure: APPLE-SA-2023-03-27-2 iOS 15.7.4 and iPadOS 15.7.4 (seclists.org) - 20230327 APPLE-SA-2023-03-27-2 iOS 15.7.4 and iPadOS 15.7.4
  • MISC: About the security content of macOS Ventura 13.2.1 - Apple Support - support.apple.com/en-us/HT213633
  • MISC: About the security content of Safari 16.3 - Apple Support - support.apple.com/en-us/HT213638

Related QID Numbers

  • 160475 Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2023-0903)
  • 160479 Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2023-0902)
  • 181568 Debian Security Update for webkit2gtk (DLA 3320-1)
  • 181664 Debian Security Update for webkit2gtk (DSA 5351-1)
  • 181668 Debian Security Update for wpewebkit (DSA 5352-1)
  • 199193 Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-5893-1)
  • 241212 Red Hat Update for webkit2gtk3 (RHSA-2023:0902)
  • 241213 Red Hat Update for webkit2gtk3 (RHSA-2023:0903)
  • 283717 Fedora Security Update for webkitgtk (FEDORA-2023-2dc87954d9)
  • 283729 Fedora Security Update for webkit2gtk3 (FEDORA-2023-efe0594c2b)
  • 377967 Apple macOS Ventura 13.2.1 Not Installed (HT213633)
  • 377968 Apple Safari arbitrary code execution Vulnerability (HT213638)
  • 378047 Alibaba Cloud Linux Security Update for webkit2gtk3 (ALINUX3-SA-2023:0029)
  • 610469 Apple iOS 16.3.1 and iPadOS 16.3.1 Security Update Missing
  • 610474 Apple iOS 15.7.4 and iPadOS 15.7.4 Security Update Missing
  • 610476 Apple iOS 15.7.4 and iPadOS 15.7.4 Security Update Missing
  • 753782 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:0490-1)
  • 753793 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:0573-1)
  • 753870 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:1681-1)
  • 940937 AlmaLinux Security Update for webkit2gtk3 (ALSA-2023:0902)
  • 940938 AlmaLinux Security Update for webkit2gtk3 (ALSA-2023:0903)
  • 960665 Rocky Linux Security Update for webkit2gtk3 (RLSA-2023:0902)
  • 960666 Rocky Linux Security Update for webkit2gtk3 (RLSA-2023:0903)

Known Affected Configurations (CPE V2.3)

  • Operating System: Apple iPadOS (Version: All, Update: All, Edition: All, Language: All)
  • Operating System: Apple iPhone OS (Version: All, Update: All, Edition: All, Language: All)
  • Operating System: Apple macOS (Version: All, Update: All, Edition: All, Language: All)
  • Application: Apple Safari (Version: All, Update: All, Edition: All, Language: All)

  • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Social Mentions

Source Title Posted (UTC)
Twitter @aaronjschaffer Apple announces it has patched WebKit type confusion bug CVE-2023-23529 on iOS/iPadOS 16.3.1. “Apple is aware of a… twitter.com/i/web/status/1… 2023-02-13 18:54:02
Twitter @CKsTechNews #Apple fixes new WebKit zero-day exploited to hack iPhones, Macs CVE-2023-23529 support.apple.com/en-us/HT213635 Details support.apple.com/en-us/HT213633 2023-02-13 19:28:47
Twitter @ando_Tw A Safari update had arrived. CVE-2023-23529. twitter.com/BleepinCompute… 2023-02-13 19:46:30
Twitter @macmacintosh Blog updated (*^_^*) → macOS Ventura 13.2.1 (22D68) released. Bug fixes, and as a security fix it addresses CVE-2023-23529, which may have been actively exploited. On my end, the Pioneer-made… twitter.com/i/web/status/1… 2023-02-13 20:41:47
Twitter @it4sec iOS 16.3.1: An issue with Webkit, CVE-2023-23529, was fixed. Apple report that this issue may have been actively e… twitter.com/i/web/status/1… 2023-02-13 20:57:42
Twitter @ClassicII_MrMac Apple released Safari 13.6.1 for macOS Monterey and Big Sur to address CVE-2023-23529. The only problem? The Safar… twitter.com/i/web/status/1… 2023-02-13 21:30:18
Twitter @0xmachos macOS 13.2.1, iOS 16.3.1 & Safari 16.3.1 all patch, among other bugs, a type confusion bug (CVE-2023-23529) that le… twitter.com/i/web/status/1… 2023-02-13 21:47:22
Twitter @jingbay Apple has released a fix for CVE-2023-23529, which is being attacked in the wild on iOS and macOS. RCE was possible just by opening a malicious page in Safari. CVE-2023-23514, a use after free, is also fixed… twitter.com/i/web/status/1… 2023-02-13 21:48:41
Twitter @BushidoToken ⚠️ Zero Day alert: CVE-2023-23529 > Affects Apple WebKit for iOS, iPadOS, and macOS > Exploited after opening a m… twitter.com/i/web/status/1… 2023-02-13 22:06:46
Twitter @inthewildio CVE-2023-23529 is getting exploited #inthewild. Find out more at inthewild.io/vuln/CVE-2023-… 2023-02-13 22:12:29
Twitter @MachinaRecord [Apple fixes new WebKit zero-day exploited to hack iPhones and Macs: CVE-2023-23529] The company released emergency security updates to address the vulnerability, which is being exploited in real attacks. The vulnerability is O… twitter.com/i/web/status/1… 2023-02-13 22:52:10
Twitter @MachinaRecord Apple devices affected by vulnerability CVE-2023-23529 reportedly include: ・iPhone 8 and later models ・iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later and iPad ・Macs running Ventura 2023-02-13 22:52:10
Twitter @MooseTender Got @Apple MacBooks, iPads or iPhones? Update your junk because CVE-2023-23529 is being exploited. https://t.co/9epOXZqPw8 2023-02-14 00:29:51
Twitter @the_yellow_fall CVE-2023-23529: First zero-day patched by Apple this year securityonline.info/cve-2023-23529… #opensource #infosec #security #pentesting 2023-02-14 00:35:23
Twitter @AcooEdi CVE-2023-23529: First zero-day patched by Apple this year dlvr.it/SjN0Hj via securityonline https://t.co/NM0JNCK1I4 2023-02-14 00:42:05
Twitter @FilipiPires CVE-2023-23529: First zero-day patched by Apple this year ift.tt/Kxk5mdt #security #opensource… twitter.com/i/web/status/1… 2023-02-14 01:33:47
Twitter @Komodosec #Vulnerability #Apple CVE-2023-23529: First zero-day patched by Apple this year securityonline.info/cve-2023-23529… 2023-02-14 01:39:02
Twitter @Levorg_Z On Tuesday, February 14, 2023, distribution began of "iOS 16.3.1" and "iPadOS 16.3.1", the latest versions of the operating systems developed by Apple. These, with "CVE-2023-23514" and "CVE-2023-23529"… twitter.com/i/web/status/1… 2023-02-14 01:47:40
Twitter @ipssignatures The vuln CVE-2023-23529 has a tweet created 0 days ago and retweeted 13 times. twitter.com/jingbay/status… #pow1rtrtwwcve 2023-02-14 02:06:00
Twitter @__kokumoto Apple urgently fixes a WebKit zero-day vulnerability (CVE-2023-23529) being exploited to hack iPhones and Macs. It is a type confusion vulnerability that allows arbitrary code execution. Reported by Google Project Zero, the kernel… twitter.com/i/web/status/1… 2023-02-14 03:33:16
Twitter @manabu2111 Addresses an issue that may allow monitoring (CVE-2023-23522) and an issue where processing maliciously crafted web content may lead to arbitrary code execution (CVE-2023-23529); in Safari too, macOS Bi… twitter.com/i/web/status/1… 2023-02-14 03:46:33
Twitter @TheHackersNews ⚡ Apple has released URGENT security updates to address a new ZERO-DAY #vulnerability (CVE-2023-23529) discovered i… twitter.com/i/web/status/1… 2023-02-14 04:46:05
Twitter @_DrFrusci ⚡ Apple has released URGENT security updates to address a new ZERO-DAY #vulnerability (CVE-2023-23529) discovered i… twitter.com/i/web/status/1… 2023-02-14 04:46:56
Twitter @IT_news_for_all ⚡ Apple has released URGENT security updates to address a new ZERO-DAY vulnerability (CVE-2023-23529) discovered in… twitter.com/i/web/status/1… 2023-02-14 04:48:27
Twitter @catnap707 Apple releases updates for "iOS" and others - zero-day attacks possibly occurring: Security NEXT security-next.com/143654 ""CVE-2023-23529", when crafted web content is loaded, arbitrary… twitter.com/i/web/status/1… 2023-02-14 05:04:42
Twitter @Swati_THN ⚡ Apple has released URGENT security updates to address a new ZERO-DAY #vulnerability (CVE-2023-23529) discovered i… twitter.com/i/web/status/1… 2023-02-14 05:06:00
Twitter @EchelonEyes Zero-day vulnerability fixed in iOS, iPadOS, macOS and Safari. The issue has been assigned the identifier CVE-2023-23529, … twitter.com/i/web/status/1… 2023-02-14 06:02:35
Twitter @CyberIL Apple releases an emergency update to address a Zero-Day vulnerability that allows takeover of iPhone, iPad and Mac. The vulnerability - CVE-2023-23529… twitter.com/i/web/status/1… 2023-02-14 06:57:39
Twitter @IT_news_for_all / iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day CVE-2023-23529 - bug in the WebKit browser engine… twitter.com/i/web/status/1… 2023-02-14 07:02:46
Twitter @unix_root ⚡ Apple has released URGENT security updates to address a new ZERO-DAY #vulnerability (CVE-2023-23529) discovered i… twitter.com/i/web/status/1… 2023-02-14 08:06:00
Twitter @MachinaRecord Apple fixes this year's first zero-day in iPhone and Mac (CVE-2023-23529) / Second attack on Group-IB by Chinese hackers Tonto Team fails / ⚠️A new cybercrime group calling itself DarkBit… twitter.com/i/web/status/1… 2023-02-14 08:58:21
Twitter @security_wang ⚡ Apple has released URGENT security updates to address a new ZERO-DAY #vulnerability (CVE-2023-23529) discovered i… twitter.com/i/web/status/1… 2023-02-14 09:06:00
Twitter @HAPPLEU @piniriv This is an important update to address a zero day vulnerability. The vulnerability CVE-2023-23529 allows an attacker to cause the operating system to crash… twitter.com/i/web/status/1… 2023-02-14 09:17:41
Twitter @lesnums A zero-day vulnerability, identified as CVE-2023-23529, has just been fixed by Apple. The update… twitter.com/i/web/status/1… 2023-02-14 09:29:25
Twitter @SecurityWeek Apple Patches Actively Exploited WebKit Zero-Day Vulnerability CVE-2023-23529 securityweek.com/apple-patches-… 2023-02-14 09:29:37
Twitter @MrsYisWhy SecurityWeek: Apple Patches Actively Exploited WebKit Zero-Day Vulnerability CVE-2023-23529 securityweek.com/apple-patches-… 2023-02-14 09:34:11
Twitter @shah_sheikh Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529): Apple has released security updates… twitter.com/i/web/status/1… 2023-02-14 10:03:06
Twitter @TheCyberSecHub Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529) dlvr.it/SjNtZ9 2023-02-14 10:03:07
Twitter @helpnetsecurity Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529) - helpnetsecurity.com/2023/02/14/cve… @Apple… twitter.com/i/web/status/1… 2023-02-14 10:05:43
Twitter @ipssignatures The vuln CVE-2023-23529 has a tweet created 0 days ago and retweeted 110 times. twitter.com/TheHackersNews… #pow2rtrtwwcve 2023-02-14 10:06:00
Twitter @usami2go I went ahead and updated. "The WebKit vulnerability (CVE-2023-23529) is a zero-day vulnerability whose malicious use has already been confirmed..." / Apple: multiple bugs and a possibly already exploited zero-day vulnerability fixed in "macOS 13.… twitter.com/i/web/status/1… 2023-02-14 10:11:34
Twitter @CybersecVm New Zero Day: CVE-2023-23529, Zero-day vulnerability in Apple iOS cybersecvm.com/posts/cyber-se… #Zeroday #Vulnerability 2023-02-14 11:11:46
Twitter @Sec_Cyber #Apple fixes actively #exploited WebKit #zeroday in iOS, #MacOS (CVE-2023-23529) securecybersolution.com/apple-fixes-ac… 2023-02-14 11:13:05
Twitter @SK_Expert Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529) ift.tt/jpEfz7G #cyber… twitter.com/i/web/status/1… 2023-02-14 11:20:12
Twitter @CESNET_CERTS We have a batch of updates for #Apple here with a fix for this year's first 0-day vulnerability (Webkit, CVE-2023-23529), which is… twitter.com/i/web/status/1… 2023-02-14 11:20:20
Twitter @Cybernozcom Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529) ift.tt/ofnxgaT twitter.com/i/web/status/1… 2023-02-14 11:22:20
Twitter @cipherstorm Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529): Apple has released security updates… twitter.com/i/web/status/1… 2023-02-14 11:22:35
Twitter @joviannfeed Help Net Security | "Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529)" bit.ly/3E88yyC 2023-02-14 11:28:33
Twitter @autumn_good_35 『Apple is aware of a report that this issue may have been actively exploited.』 CVE-2023-23514, CVE-2023-23529 A… twitter.com/i/web/status/1… 2023-02-14 11:34:30
Twitter @Xc0resecurity Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529) dlvr.it/SjP5tg 2023-02-14 11:36:34
Twitter @CFCSsitcen Two new zero-day vulnerabilities (CVE-2023-23514, CVE-2023-23529) in iOS, iPadOS and MacOS allow execution of arbitrary… twitter.com/i/web/status/1… 2023-02-14 11:38:55
Twitter @SK_Expert Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529) - Help Net Security… twitter.com/i/web/status/1… 2023-02-14 11:45:31
Twitter @SecurityNewsbot #Apple fixes actively exploited WebKit zero-day in #iOS, macOS (CVE-2023-23529) helpnetsecurity.com/2023/02/14/cve… #HelpNetSecurity 2023-02-14 12:00:18
Twitter @jbhall56 Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be act… twitter.com/i/web/status/1… 2023-02-14 12:26:39
Twitter @rester_andrew CVE-2023-23529 2023-02-14 12:54:39
Twitter @jhdbw Apple has released a security update to address a new ZERO-DAY vulnerability (CVE-2023-23529… twitter.com/i/web/status/1… 2023-02-14 13:12:24
Twitter @vumetric Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529) vumetric.com/cybersecurity-… 2023-02-14 13:25:29
Twitter @TheHackersNews ⚡ Apple has released URGENT security updates to address a new ZERO-DAY #vulnerability (CVE-2023-23529) discovered i… twitter.com/i/web/status/1… 2023-02-14 13:30:00
Twitter @_DrFrusci ⚡ Apple has released URGENT security updates to address a new ZERO-DAY #vulnerability (CVE-2023-23529) discovered i… twitter.com/i/web/status/1… 2023-02-14 13:31:02
Twitter @manabu2111 It addresses "CVE-2023-23529", in which processing crafted web content in WebKit leads to arbitrary code execution 2023-02-14 13:32:37
Twitter @manabu2111 CVE-2023-2352, information leak in Shortcuts: an app may be able to observe unprotected user data; CVE-2023-23529, type confusion in "WebKit": processing maliciously crafted web content… twitter.com/i/web/status/1… 2023-02-14 13:37:12
Twitter @CVEtrends Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2023-23529: 4.2M (audience size) CVE-2023-25136: 305.1K CVE-2023-0… twitter.com/i/web/status/1… 2023-02-14 14:00:03
Twitter @CyViation_aero Pilots! Zero-Day vulnerability (CVE-2023-23529) in EFB iPads allows remote code execution & crashes. Update iPad O… twitter.com/i/web/status/1… 2023-02-14 14:31:01
Twitter @SalgueiroMiguel 0-day vulnerability CVE-2023-23529 (Critical) - Type confusion vulnerability in 'Webkit', which could be exp… twitter.com/i/web/status/1… 2023-02-14 14:38:39
Twitter @nicotouch Am I the only one wondering whether an exploit exists for the CVE-2023-23529 flaw and leaves hope of a ja… twitter.com/i/web/status/1… 2023-02-14 14:43:42
Twitter @Esben_Dochy Apple released new security patches for MacOS, iOS, iPadOS and Safari. This includes CVE-2023-23529 which is known… twitter.com/i/web/status/1… 2023-02-14 14:59:32
Twitter @KanataYAMANO_ This is CVE-2023-23529 2023-02-14 14:59:46
Twitter @Har_sia CVE-2023-23529 har-sia.info/CVE-2023-23529… #HarsiaInfo 2023-02-14 15:05:00
Reddit /r/k12cybersecurity MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW 2023-02-14 13:48:32
Reddit /r/macsysadmin Another WebKit 0 day CVE-2023-23529 2023-02-14 18:03:34
Reddit /r/SecurityIT [CVE-2023-23529] - 0day on iphone and macos 2023-02-14 20:18:19
Reddit /r/crowdstrike // SITUATIONAL AWARENESS // macOS Zero Day CVE-2023-23529 2023-02-15 16:12:21
Reddit /r/KibernetinisSaugumas "Apple" "iOS", "iPadOS", "macOS" and "Safari" are under attack due to a new zero-day bug 2023-02-16 11:37:10
Reddit /r/u/hasadwan0 cve-2023-23529 apple zero day 2023-02-16 10:50:40
Reddit /r/jailbreak [Discussion] Regarding the latest Webkit Zero Day according to this article(and many like this), will it might lead to a JB? 2023-02-18 15:15:19
Reddit /r/netcve CVE-2023-23529 2023-02-27 21:38:43
Reddit /r/spixnet_gmbh_official Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw 2023-03-06 16:31:24
Reddit /r/k12cybersecurity MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution PATCH: NOW 2023-03-28 13:48:06
Reddit /r/spixnet_gmbh_official Apple Issues Urgent Security Update for Older iOS and iPadOS Models 2023-04-03 10:17:09
Reddit /r/k12cybersecurity MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution PATCH: NOW 2023-05-19 12:09:54
© CVE.report 2023