CVE-2023-32409: Apple Multiple Products WebKit Sandbox Escape Vulnerability

CVE ID

CVE-2023-32409

Vulnerability Name

Apple Multiple Products WebKit Sandbox Escape Vulnerability

• Project: Apple
• Product: Multiple Products

Date

• Date Added: 2023-05-22
• Due Date: 2023-06-12

Description

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765; https://nvd.nist.gov/vuln/detail/CVE-2023-32409

Related Security News

• Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
• Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
• Apple fixes zero-day exploited in 'extremely sophisticated' attacks
• Apple fixes this year’s first actively exploited zero-day bug
• Apple fixes two zero-days used in attacks on Intel-based Macs

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List