Apple Multiple Products WebKit Sandbox Escape Vulnerability
Summary
| CVE | CVE-2023-32409 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-23 18:15:00 UTC |
| Updated | 2023-07-27 04:15:00 UTC |
| Description | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. |
Risk And Classification
EPSS: 0.003380000 probability, percentile 0.564770000 (date 2026-04-01)
CISA KEV: Listed on 2023-05-22; due 2023-06-12; ransomware use Unknown
Problem Types: NVD-CWE-noinfo
CISA Known Exploited Vulnerability
| Vendor | Apple |
|---|---|
| Product | Multiple Products |
| Name | Apple Multiple Products WebKit Sandbox Escape Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765; https://nvd.nist.gov/vuln/detail/CVE-2023-32409 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | iPadOS | All | All | All | All |
| Operating System | Apple | iPhone OS | All | All | All | All |
| Operating System | Apple | macOS | All | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Operating System | Apple | tvOS | All | All | All | All |
| Operating System | Apple | watchOS | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of macOS Ventura 13.4 - Apple Support | MISC | support.apple.com | |
| About the security content of iOS 16.5 and iPadOS 16.5 - Apple Support | MISC | support.apple.com | |
| About the security content of iOS 15.7.8 and iPadOS 15.7.8 - Apple Support | MISC | support.apple.com | |
| About the security content of tvOS 16.5 - Apple Support | MISC | support.apple.com | |
| About the security content of watchOS 9.5 - Apple Support | MISC | support.apple.com | |
| About the security content of Safari 16.5 - Apple Support | MISC | support.apple.com | |
| Full Disclosure: APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8 | MITRE | seclists.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 355438 Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2023-2088
- 378503 Apple Safari Multiple Vulnerabilities (HT213762)
- 378505 Apple macOS Ventura 13.4 Not Installed (HT213758)
- 610488 Apple iOS 16.5 and iPadOS 16.5 Security Update Missing (HT213757)
- 610497 Apple iOS 15.7.8 and iPadOS 15.7.8 Security Update Missing