NVD disclosure day

Published threat advisories for April 10, 2023

CVE advisoryKnown Exploit

CVE-2023-28206

Apple OS Privilege Escalation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

An out-of-bounds write vulnerability in Apple operating systems allows applications to execute arbitrary code with kernel privileges. This issue, potentially actively exploited, poses a risk to affected organizations, employees, and systems. Prioritizing remediation is advised to mitigate business risk.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2023-28205

Safari and iOS WebKit Code Execution Vulnerability.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in Apple's Safari, iOS, iPadOS, and macOS could allow attackers to execute arbitrary code by processing malicious web content. This may impact systems and data. Apple is aware of reports that this issue may have been actively exploited, posing a business risk.

NVD published: • CISA KEV