CVE-2023-37450: 
Apple Safari vulnerability analysis and mitigation

CVE-2023-37450 is a critical WebKit vulnerability discovered in Apple's products that allows arbitrary code execution when processing web content. The vulnerability was reported by an anonymous researcher and was actively exploited in the wild. It affects multiple Apple products including iOS, iPadOS, Safari, tvOS, macOS Ventura, and watchOS (Apple Advisory, Help Net Security).

The vulnerability exists in WebKit, the browser engine used by Apple's Safari web browser and all other web browsers on iOS and iPadOS. It can be triggered when processing specially crafted web content, potentially leading to arbitrary code execution. The issue received a CVSS v3.1 base score of 8.8 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows attackers to execute arbitrary code on affected devices when processing malicious web content. This could potentially lead to complete system compromise, allowing attackers to run malicious code with the same privileges as the WebKit process (Help Net Security).

Apple addressed the vulnerability by implementing improved checks in affected products. The fix was released in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, and watchOS 9.6. Users are strongly advised to update their devices to these versions or later (Apple Advisory).

Apple initially released Rapid Security Response updates to quickly address this vulnerability, but had to pull them back due to issues with certain websites not displaying properly. New fixes were subsequently released to address these compatibility issues (Help Net Security).