CVE-2023-43010
Modified
Modified - Updated After Analysis
Memory Corruption in Apple Safari and iOS via Malicious Web Content
Vulnerability report for CVE-2023-43010, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-12
Last updated on: 2026-06-30
Assigner: Apple Inc.
Description
Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | safari | to 17.2 (exc) |
| apple | iphone_os | From 17.0 (inc) to 17.2 (exc) |
| apple | ipados | From 17.0 (inc) to 17.2 (exc) |
| apple | macos | to 14.2 (exc) |
| apple | ipados | to 15.8.7 (exc) |
| apple | iphone_os | to 15.8.7 (exc) |
| apple | ipados | From 16.0 (inc) to 16.7.15 (exc) |
| apple | iphone_os | From 16.0 (inc) to 16.7.15 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |