CVE-2023-32373
📋 TL;DR
This CVE describes a use-after-free vulnerability in Apple's WebKit browser engine that could allow arbitrary code execution when processing malicious web content. It affects multiple Apple operating systems and Safari browser versions. Apple has reported this vulnerability may have been actively exploited in the wild.
💻 Affected Systems
- Safari
- iOS
- iPadOS
- macOS
- watchOS
- tvOS
📦 What is this software?
- iPadOS by Apple
- macOS by Apple
- Safari by Apple
- tvOS by Apple
- watchOS by Apple
- WebKitGTK by WebKitGTK
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via remote code execution leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Browser-based compromise leading to session hijacking, credential theft, or malware installation on vulnerable devices.
If Mitigated
Limited impact with proper network segmentation, application whitelisting, and endpoint protection in place.
🎯 Exploit Status
Apple confirms active exploitation. Exploitation requires the user to visit a malicious website; no authentication is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6, iPadOS 15.7.6, Safari 16.5, iOS 16.5, iPadOS 16.5
Vendor Advisory: https://support.apple.com/en-us/HT213757
Restart Required: Yes
Instructions:
1. Open Settings/System Preferences.
2. Navigate to Software Update.
3. Install available updates.
4. Restart device when prompted.
🔧 Temporary Workarounds
Disable JavaScript
All platforms: Temporarily disable JavaScript in Safari to prevent exploitation via web content.
Safari > Preferences > Security > Uncheck 'Enable JavaScript'
Use Alternative Browser
All platforms: Use browsers not based on the WebKit engine until patches are applied.
🧯 If You Can't Patch
- Implement network filtering to block known malicious domains and restrict web browsing to trusted sites only.
- Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts and suspicious process behavior.
🔍 How to Verify
Check if Vulnerable:
Check system version against affected versions list. On macOS: About This Mac > macOS version. On iOS/iPadOS: Settings > General > About > Version.
Check Version:
macOS: sw_vers -productVersion, iOS/iPadOS: Settings > General > About > Version
Verify Fix Applied:
Verify system version matches or exceeds the patched versions listed under Official Fix above.
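The version check described above can be run across a device inventory. The following is an added example, not code from Apple or from this page's source. It compares each version against the fix for its own major release branch, using the patched versions listed under Official Fix. The host names, status labels and the treatment of newer major releases as patched are assumptions.

```python
# Added example: patched versions copied from the "Official Fix" line on this page,
# keyed by (product, major release branch).
PATCHED = {
    ("ios", 15): (15, 7, 6), ("ios", 16): (16, 5),
    ("ipados", 15): (15, 7, 6), ("ipados", 16): (16, 5),
    ("macos", 13): (13, 4),
    ("watchos", 9): (9, 5),
    ("tvos", 16): (16, 5),
    ("safari", 16): (16, 5),
}

def parse_version(text):
    """'16.4.1' -> (16, 4, 1); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def patch_status(product, version):
    """Return 'patched', 'needs-update' or 'no-fix-listed' for one device."""
    product = product.strip().lower()
    branches = sorted(major for (name, major) in PATCHED if name == product)
    if not branches:
        raise ValueError(f"product not covered by this page: {product!r}")
    ver = parse_version(version)
    fix = PATCHED.get((product, ver[0]))
    if fix is not None:
        # Compare only against the fix for the same major branch:
        # iOS 16.0 is "greater than" 15.7.6 yet predates the 16.5 fix.
        return "patched" if ver >= fix else "needs-update"
    if ver[0] > branches[-1]:
        # Assumption: a major release newer than every listed branch has the fix.
        return "patched"
    # No OS fix listed on this page for this branch (e.g. macOS 12);
    # check the installed Safari version against 16.5 instead.
    return "no-fix-listed"

def audit(inventory):
    """inventory: iterable of (host, product, version) -> list of (host, status)."""
    return [(host, patch_status(product, version)) for host, product, version in inventory]

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = [
    ("mac-01", "macOS", "13.3.1"),
    ("mac-02", "macOS", "13.4"),
    ("phone-01", "iOS", "16.0"),
    ("phone-02", "iOS", "15.7.6"),
    ("mac-03", "macOS", "12.6.5"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

On macOS, the version string can be taken from `sw_vers -productVersion`; strings with a build suffix must be trimmed to the dotted number first.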
📡 Detection & Monitoring
Log Indicators:
- Safari/WebKit crash logs with memory access violations
- Unexpected process spawning from Safari/WebKit processes
Network Indicators:
- Connections to known malicious domains from Safari
- Unusual outbound traffic patterns from Apple devices
SIEM Query:
process_name:Safari AND (event_type:crash OR parent_process:Safari)
🔗 References
- https://security.gentoo.org/glsa/202401-04
- https://support.apple.com/en-us/HT213757
- https://support.apple.com/en-us/HT213758
- https://support.apple.com/en-us/HT213761
- https://support.apple.com/en-us/HT213762
- https://support.apple.com/en-us/HT213764
- https://support.apple.com/en-us/HT213765
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32373