CVE-2023-32373: 
Apple Safari vulnerability analysis and mitigation

CVE-2023-32373 is a use-after-free vulnerability in WebKit that affects multiple Apple products including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. The vulnerability was discovered and reported by an anonymous researcher and was fixed in various Apple product updates released on May 18, 2023, including watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Apple acknowledged that this vulnerability was actively exploited in the wild (Apple Support, NVD).

The vulnerability is classified as a use-after-free issue in WebKit, Apple's browser engine. It was assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue was addressed by Apple with improved memory management in the WebKit component. The vulnerability is tracked under WebKit Bugzilla ID: 254840 (NVD, Apple Support).

When exploited, this vulnerability allows processing of maliciously crafted web content to lead to arbitrary code execution on the affected device. The high severity rating indicates that successful exploitation could result in significant impact to the confidentiality, integrity, and availability of the affected system (NVD, CISA).

Apple addressed this vulnerability by releasing security updates for affected products. Users should update to watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5, or later versions. For WebKitGTK+ users, updating to version 2.42.3 or later is recommended (Gentoo Security, Apple Support).