CISA Known Exploited Vulnerability

CVE-2023-28204

Apple · Multiple Products

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Date added 2023-05-22

BOD 22-01 due date 2023-06-12

CWE CWE-125

Ransomware Unknown

CISA description

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Required action

Apply updates per vendor instructions.

Notes & references

https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765
https://nvd.nist.gov/vuln/detail/CVE-2023-28204

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2023-28204
CVE.org · CVE-2023-28204
CISA KEV catalog (canonical)