CVE-2023-37450
📋 TL;DR
This is a critical WebKit vulnerability in Apple products that allows arbitrary code execution when processing malicious web content. Attackers can exploit it to run unauthorized code on affected devices. All users of vulnerable Apple operating systems and Safari browsers are affected.
💻 Affected Systems
- iOS
- iPadOS
- Safari
- tvOS
- macOS Ventura
- watchOS
📦 What is this software?
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Safari by Apple
Tvos by Apple
Watchos by Apple
Webkitgtk by Webkitgtk
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control over the device, enabling data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Malicious code execution leading to credential theft, surveillance, or installation of additional malware payloads.
If Mitigated
Limited impact with proper network segmentation, application whitelisting, and user education preventing successful exploitation.
🎯 Exploit Status
Apple confirms active exploitation in the wild. Exploitation requires only visiting a malicious website or viewing malicious content.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 16.6, iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6
Vendor Advisory: https://support.apple.com/en-us/HT213826
Restart Required: Yes
Instructions:
1. Open Settings app. 2. Go to General > Software Update. 3. Install available updates. 4. Restart device when prompted. For macOS: 1. Click Apple menu > System Settings. 2. Go to General > Software Update. 3. Install updates and restart.
🔧 Temporary Workarounds
Browser Restrictions
allRestrict browser usage to essential sites only and disable JavaScript for untrusted sites
Network Filtering
allBlock known malicious domains and implement web content filtering
🧯 If You Can't Patch
- Isolate affected devices from critical networks and internet access
- Implement application control to restrict browser execution to essential functions only
🔍 How to Verify
Check if Vulnerable:
Check current OS version against patched versions listed in affected_systems.versionsCheck Version:
iOS/iPadOS: Settings > General > About > Version. macOS: Apple menu > About This Mac. Safari: Safari menu > About SafariVerify Fix Applied:
Verify OS version matches or exceeds patched versions: iOS/iPadOS ≥16.6, Safari ≥16.5.2, tvOS ≥16.6, macOS Ventura ≥13.5, watchOS ≥9.6📡 Detection & Monitoring
Log Indicators:
- Unexpected browser crashes
- Suspicious process creation from browser processes
- Unusual network connections from browser
Network Indicators:
- Connections to known exploit domains
- Unusual outbound traffic patterns from browser sessions
SIEM Query:
source="*browser*" AND (event="crash" OR process_creation="*unusual*" OR destination_ip="*malicious*" )🔗 References
- https://security.gentoo.org/glsa/202401-04
- https://support.apple.com/en-us/HT213826
- https://support.apple.com/en-us/HT213841
- https://support.apple.com/en-us/HT213843
- https://support.apple.com/en-us/HT213846
- https://support.apple.com/en-us/HT213848
- https://security.gentoo.org/glsa/202401-04
- https://support.apple.com/en-us/HT213826
- https://support.apple.com/en-us/HT213841
- https://support.apple.com/en-us/HT213843
- https://support.apple.com/en-us/HT213846
- https://support.apple.com/en-us/HT213848
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-37450
