CVE-2023-28204 - Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Vulnerability Name

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Description

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765

https://nvd.nist.gov/vuln/detail/CVE-2023-28204

Related News Articles

Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacksMarch 12, 2025

Apple fixes zero-day exploited in 'extremely sophisticated' attacksFebruary 11, 2025

Apple fixes this year’s first actively exploited zero-day bugJanuary 28, 2025

Apple fixes two zero-days used in attacks on Intel-based MacsNovember 20, 2024