CVE-2023-32435: 
Apple Safari vulnerability analysis and mitigation

CVE-2023-32435 is a memory corruption vulnerability in Apple's WebKit component that was discovered and disclosed in March 2023. The vulnerability affects multiple Apple products including macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Apple confirmed that this vulnerability was actively exploited against versions of iOS released before iOS 15.7 (Apple Support).

The vulnerability is a memory corruption issue in WebKit that was addressed with improved state management. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD).

When exploited, processing web content may lead to arbitrary code execution on affected devices. This could allow attackers to execute malicious code and potentially take control of the affected system (Apple Support, Apple Support).

Apple has released security updates to address this vulnerability in multiple products: macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Users are advised to update their devices to these versions to protect against potential exploitation (Apple Support).

The vulnerability was discovered and reported by security researchers from Kaspersky, including Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), Boris Larin (@oct0xor), and Valentin Pashkov. The discovery and active exploitation of this vulnerability led to its inclusion in CISA's Known Exploited Vulnerabilities Catalog (NVD).