Apple Multiple Products WebKit Code Execution Vulnerability
Summary
| CVE | CVE-2023-37450 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-27 00:15:00 UTC |
| Updated | 2024-01-05 14:15:00 UTC |
| Description | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
Risk And Classification
EPSS: 0.000540000 probability, percentile 0.168610000 (date 2026-04-17)
CISA KEV: Listed on 2023-07-13; due 2023-08-03; ransomware use Unknown
Problem Types: NVD-CWE-noinfo
CISA Known Exploited Vulnerability
| Vendor | Apple |
|---|---|
| Product | Multiple Products |
| Name | Apple Multiple Products WebKit Code Execution Vulnerability |
| Required Action | Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. |
| Notes | https://support.apple.com/en-us/HT213826, https://support.apple.com/en-us/HT213841, https://support.apple.com/en-us/HT213843, https://support.apple.com/en-us/HT213846, https://support.apple.com/en-us/HT213848; https://nvd.nist.gov/vuln/detail/CVE-2023-37450 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Ipados | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Macos | All | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Operating System | Apple | Tvos | All | All | All | All |
| Operating System | Apple | Watchos | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of Safari 16.5.2 - Apple Support | MISC | support.apple.com | |
| security.gentoo.org/glsa/202401-04 | security.gentoo.org | ||
| About the security content of macOS Ventura 13.5 - Apple Support | MISC | support.apple.com | |
| About the security content of watchOS 9.6 - Apple Support | MISC | support.apple.com | |
| About the security content of tvOS 16.6 - Apple Support | MISC | support.apple.com | |
| About the security content of iOS 16.6 and iPadOS 16.6 - Apple Support | MISC | support.apple.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199627 Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-6264-1)
- 241821 Red Hat Update for webkit2gtk3 (RHSA-2023:4202)
- 241826 Red Hat Update for webkit2gtk3 (RHSA-2023:4201)
- 355775 Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2023-2177
- 378655 Apple MacOS Ventura 13.4.1 Rapid Security Response Update Missing (HT213825)
- 378658 Apple Safari Security update (HT213826)
- 378687 Apple macOS Ventura 13.5 Not Installed (HT213843)
- 6000200 Debian Security Update for webkit2gtk (DSA 5457-1)
- 610498 Apple iOS 16.6 and iPadOS 16.6 Security Update Missing
- 710824 Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202401-04)
- 754916 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:3753-1)
- 755164 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4211-1)
- 755166 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4209-1)
- 960967 Rocky Linux Security Update for webkit2gtk3 (RLSA-2023:4202)
- 960970 Rocky Linux Security Update for webkit2gtk3 (RLSA-2023:4201)