CVE-2023-37450

high-risk

Published 2023-07-27

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (7)

Safari

Ipados

Iphone Os

Macos

Tvos

Watchos

Webkitgtk\+

Affected Vendors

Apple Webkitgtk

References (13)

Third Party Advisory https://security.gentoo.org/glsa/202401-04

Vendor Advisory https://support.apple.com/en-us/HT213826

Vendor Advisory https://support.apple.com/en-us/HT213841

Vendor Advisory https://support.apple.com/en-us/HT213843

Vendor Advisory https://support.apple.com/en-us/HT213846

Vendor Advisory https://support.apple.com/en-us/HT213848

Third Party Advisory https://security.gentoo.org/glsa/202401-04

Vendor Advisory https://support.apple.com/en-us/HT213826

Vendor Advisory https://support.apple.com/en-us/HT213841

Vendor Advisory https://support.apple.com/en-us/HT213843

Vendor Advisory https://support.apple.com/en-us/HT213846

Vendor Advisory https://support.apple.com/en-us/HT213848

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 7/34 · Low

Exposure 14/34 · Moderate