VIR Vulnerability Intelligence Relay

CVE-2023-37450

high KEV
Published 2023-07-18 · Modified 2023-07-13
CVSS v3
CVSS v2
VIR risk
9.5

Description

Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

CISA KEV

Vendor
Apple
Product
Multiple Products
Due date
2023-08-03

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://support.apple.com/en-us/HT213826, https://support.apple.com/en-us/HT213841, https://support.apple.com/en-us/HT213843, https://support.apple.com/en-us/HT213846, https://support.apple.com/en-us/HT213848; https://nvd.nist.gov/vuln/detail/CVE-2023-37450

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2023-37450

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:4201

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-37450.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:4202

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:4201

Exploits

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
rockylinux rocky8fixed
suse slesaffected
rockylinux rocky9fixed
debian debianbookwormfixed2.40.3-2~deb12u2
debian debianbullseyefixed2.40.3-2~deb11u2
debian debianforkyfixed2.40.4-1
debian debiansidfixed2.40.4-1
debian debiantrixiefixed2.40.4-1

References

Verify integrity in audit chain (admin only). AS-IS.