External risk intelligence

Apple WebKit Code Execution Vulnerability in Safari and iOS

CVE advisoryKnown Exploit

CVE-2023-37450

A vulnerability in how certain Apple products and Safari process web content could allow attackers to execute arbitrary code. Organizations face business risk if systems encounter malicious web content. Apple has addressed this issue in updated software.

5Halo Surface Signal

Apple Safari

before 16.5.2before 16.613.0 to before 13.5before 9.6before 2.42.3

External exposure likelihood

Halo Surface Signal score for CVE-2023-37450

This vulnerability affects web browsers and platforms that process web content. Since web browsers are designed to fetch, render, and execute content from the public internet by default, this vulnerability is exposed to the public-facing internet as an inherent part of the product's primary function.

Horizon Alert

Summary of the vulnerability and why it matters

The vulnerability exists in the way certain Apple products and Safari process web content. This flaw can allow attackers to execute arbitrary code on affected systems. The potential impact includes the compromise of systems and data.

Affected applications and operating systems
Arbitrary code execution via web content
System and data compromise

Attack Path

How an attacker could exploit the issue

Processing web content can lead to arbitrary code execution. This vulnerability was addressed in updated software versions. An organization's systems and data could be compromised if they are running vulnerable software and encounter malicious web content.

Exposure condition: Internet-accessible web content.
Attacker starting point: Network.
Trigger and result: User interaction with web content leads to code execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability can be exploited by attackers with a high skill level, requiring no prior access to a system. The potential impact includes arbitrary code execution on affected Apple devices through malicious web content. Given that this vulnerability has been reported as actively exploited and is included in CISA's Known Exploited Vulnerabilities catalog, it should be treated with urgency.

Likely attacker skill level: High
Required access or conditions: None
Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

An organization should take immediate action to address a high-severity vulnerability that could allow arbitrary code execution when processing web content. Apple has indicated that this issue may have been actively exploited. Applying vendor-provided fixes is crucial to mitigate this risk.

Find affected assets.
Reduce exposure or isolate risk.
Fix, verify, and monitor.

Frequently asked questions

What is CVE-2023-37450, and which Apple products are affected by this web content processing vulnerability?

CVE-2023-37450 is a vulnerability in Apple products and Safari that allows for arbitrary code execution when processing web content. It affects iOS 16.6, iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, and watchOS 9.6, as well as WebKitGTK.

How does the WebKit vulnerability in Apple products lead to arbitrary code execution, and what is the weakness class?

The vulnerability, identified as CVE-2023-37450, allows arbitrary code execution when affected Apple products and Safari process maliciously crafted web content. While the specific weakness class is not detailed, the impact suggests a flaw in how the WebKit rendering engine handles web content, potentially leading to memory corruption or similar issues.

What is the trigger path for CVE-2023-37450, and can its scope be limited to prevent exploitation?

The trigger path for CVE-2023-37450 involves processing web content, meaning a user interacting with a malicious website could activate the vulnerability. The scope is not explicitly negated in the provided details, but the issue is fixed in updated software versions, implying that applying these patches limits the scope of affected systems.

Why is CVE-2023-37450 considered highly relevant, especially concerning the Halo Surface Signal?

CVE-2023-37450 is highly relevant because it has been reported as actively exploited and is listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. The Halo Surface Signal indicates it's 'Very likely' to be exploited as it affects web browsers, which inherently fetch content from the internet.

What practical steps should organizations take to address the CVE-2023-37450 vulnerability affecting Apple products?

Organizations should prioritize applying vendor-provided updates for affected Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Identifying all vulnerable assets, isolating them if immediate patching isn't possible, and verifying the successful implementation of fixes are crucial steps.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.