CVE-2023-32409 — Apple Multiple Products WebKit Sandbox Escape Vulnerability

2023-05-22 • CISA Known Exploited Vulnerability

[event] Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

> AFFECTED SOFTWARE

Field	Value
Vendor	Apple
Product	Multiple Products
CVE ID	CVE-2023-32409
Date Added	2023-05-22
Due Date	2023-06-12
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2023-06-12

> REFERENCES

[1] https://support.apple.com/HT213757,
[2] https://support.apple.com/HT213758,
[3] https://support.apple.com/HT213761,
[4] https://support.apple.com/HT213762,
[5] https://support.apple.com/HT213764,
[6] https://support.apple.com/HT213765
[7] https://nvd.nist.gov/vuln/detail/CVE-2023-32409