Safari Security Vulnerabilities and Issues — Safari CVE List

Lucene search

AppleSafari

43 matches found

CVE•added 2023/06/23 6:15 p.m.•1807 views

CVE-2023-32373

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is awa...

8.8CVSS8.6AI score0.00013EPSS

In wild

CVE•added 2023/06/23 6:15 p.m.•1783 views

CVE-2023-28204

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this...

6.5CVSS6.6AI score0.00044EPSS

In wild

CVE•added 2023/06/23 6:15 p.m.•1662 views

CVE-2023-32409

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue ...

8.6CVSS7.7AI score0.00354EPSS

In wild

CVE•added 2023/07/27 12:15 a.m.•1085 views

CVE-2023-37450

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

8.8CVSS8.5AI score0.00021EPSS

In wild

CVE•added 2023/02/27 8:15 p.m.•1073 views

CVE-2023-23529

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issu...

8.8CVSS8.6AI score0.00034EPSS

In wild

CVE•added 2023/04/10 7:15 p.m.•785 views

CVE-2023-28205

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report t...

8.8CVSS8.8AI score0.00108EPSS

In wild

CVE•added 2023/06/23 6:15 p.m.•756 views

CVE-2023-32435

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have be...

8.8CVSS8.8AI score0.00501EPSS

In wild

CVE•added 2023/06/23 6:15 p.m.•740 views

CVE-2023-32439

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this is...

8.8CVSS8.6AI score0.00344EPSS

In wild

CVE•added 2023/07/27 1:15 a.m.•564 views

CVE-2023-38572

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.

7.5CVSS6.7AI score0.00638EPSS

CVE•added 2023/07/27 1:15 a.m.•550 views

CVE-2023-38611

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00914EPSS

CVE•added 2023/07/27 12:15 a.m.•546 views

CVE-2023-38133

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.

6.5CVSS6.2AI score0.00651EPSS

CVE•added 2023/07/27 12:15 a.m.•538 views

CVE-2023-38594

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00713EPSS

CVE•added 2023/07/27 12:15 a.m.•526 views

CVE-2023-38597

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00643EPSS

CVE•added 2023/07/27 1:15 a.m.•526 views

CVE-2023-38600

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00992EPSS

CVE•added 2023/07/27 1:15 a.m.•519 views

CVE-2023-38595

8.8CVSS8.3AI score0.00914EPSS

CVE•added 2023/05/08 8:15 p.m.•466 views

CVE-2023-27954

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.

6.5CVSS6.3AI score0.00118EPSS

CVE•added 2023/11/30 11:15 p.m.•439 views

CVE-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against ver...

8.8CVSS8.8AI score0.00037EPSS

In wild

CVE•added 2023/07/28 5:15 a.m.•424 views

CVE-2023-38599

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.

6.5CVSS6AI score0.00651EPSS

CVE•added 2023/02/27 8:15 p.m.•394 views

CVE-2023-23518

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.00261EPSS

CVE•added 2023/02/27 8:15 p.m.•381 views

CVE-2023-23517

8.8CVSS8.4AI score0.00261EPSS

CVE•added 2023/08/14 11:15 p.m.•372 views

CVE-2022-48503

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.2AI score0.00273EPSS

CVE•added 2023/11/30 11:15 p.m.•359 views

CVE-2023-42916

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions...

6.5CVSS6.7AI score0.00045EPSS

In wild

CVE•added 2023/05/08 8:15 p.m.•346 views

CVE-2023-27932

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.

5.5CVSS5.8AI score0.00007EPSS

CVE•added 2023/09/27 3:19 p.m.•333 views

CVE-2023-41074

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.00944EPSS

CVE•added 2023/10/25 7:15 p.m.•314 views

CVE-2023-42852

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.01373EPSS

CVE•added 2023/10/25 7:15 p.m.•303 views

CVE-2023-41983

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.

6.5CVSS6.2AI score0.00933EPSS

CVE•added 2023/10/25 7:15 p.m.•261 views

CVE-2023-40447

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

8.8CVSS8.2AI score0.00295EPSS

CVE•added 2023/10/25 7:15 p.m.•257 views

CVE-2023-41976

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00346EPSS

CVE•added 2023/05/08 8:15 p.m.•213 views

CVE-2023-28201

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution.

9.8CVSS8.6AI score0.03981EPSS

CVE•added 2023/05/08 8:15 p.m.•201 views

CVE-2022-32885

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution

8.8CVSS8.6AI score0.00135EPSS

CVE•added 2023/07/28 5:15 a.m.•193 views

CVE-2023-32445

This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.

6.1CVSS5.4AI score0.00468EPSS

CVE•added 2023/02/27 8:15 p.m.•184 views

CVE-2022-32784

The issue was addressed with improved UI handling. This issue is fixed in Safari 15.6, iOS 15.6 and iPadOS 15.6. Visiting a maliciously crafted website may leak sensitive data.

6.5CVSS5.4AI score0.00122EPSS

CVE•added 2023/02/27 8:15 p.m.•179 views

CVE-2023-23496

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2 and iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.2AI score0.00198EPSS

CVE•added 2023/02/27 8:15 p.m.•152 views

CVE-2022-46705

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS3.5AI score0.00106EPSS

CVE•added 2023/02/27 8:15 p.m.•148 views

CVE-2022-42826

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.00081EPSS

CVE•added 2023/02/27 8:15 p.m.•130 views

CVE-2022-32891

The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.

6.1CVSS5.2AI score0.00099EPSS

CVE•added 2023/12/12 1:15 a.m.•123 views

CVE-2023-42890

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.00634EPSS

CVE•added 2023/06/23 6:15 p.m.•106 views

CVE-2023-32402

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.

6.5CVSS6.1AI score0.00135EPSS

CVE•added 2023/12/12 1:15 a.m.•103 views

CVE-2023-42883

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.

5.5CVSS5.7AI score0.00029EPSS

CVE•added 2023/09/27 3:18 p.m.•102 views

CVE-2023-35074

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.00598EPSS

CVE•added 2023/06/23 6:15 p.m.•98 views

CVE-2023-32423

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.

6.5CVSS6.4AI score0.00172EPSS

CVE•added 2023/09/27 3:19 p.m.•95 views

CVE-2023-40451

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.

8.8CVSS8.5AI score0.00272EPSS

CVE•added 2023/09/27 3:19 p.m.•70 views

CVE-2023-40417

A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.

5.4CVSS5.8AI score0.00302EPSS