Apple have released eight security updates to address vulnerabilities in multiple products. Apple are reporting exploitation of CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, which impact iOS, iPadOS, Safari, watchOS, tvOS and macOS. An attacker may exploit some of these vulnerabilities to take control of a vulnerable system.

Exploitation of CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373

Apple have reported that these vulnerabilities may have been actively exploited in iOS, iPadOS, Safari, watchOS, tvOS and macOS. CVE-2023-32409 could allow a remote attacker to break out of web content sandbox, CVE-2023-28204 relates to the processing of web content that could disclose sensitive information, and CVE-2023-32373 relates to the processing of maliciously crafted web content that could lead to arbitrary code execution.

Remediation advice

Affected organisations are encouraged to review the following Apple security advisories and apply any relevant updates or workarounds.

Remediation steps

Type	Step
Patch	Safari 16.5 \| HT213762 https://support.apple.com/en-gb/HT213762
Patch	watchOS 9.5 \| HT213764 https://support.apple.com/en-gb/HT213764
Patch	tvOS 16.5 \| HT213761 https://support.apple.com/en-gb/HT213761
Patch	iOS 16.5 and iPadOS 16.5 \| HT213757 https://support.apple.com/en-gb/HT213757
Patch	iOS 15.7.6 and iPadOS 15.7.6 \| HT213765 https://support.apple.com/en-gb/HT213765
Patch	macOS Big Sur 11.7.7 \| HT213760 https://support.apple.com/en-gb/HT213760
Patch	macOS Ventura 13.4 \| HT213758 https://support.apple.com/en-gb/HT213758
Patch	macOS Monterey 12.6.6 \| HT213759 https://support.apple.com/en-gb/HT213759

Definitive source of threat updates

https://support.apple.com/en-gb/HT201222

CVE Vulnerabilities

Status Reserved

CVE-2023-32409

Status Reserved

CVE-2023-28204

Status Reserved

CVE-2023-32373

Last edited: 26 May 2023 3:40 pm