{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-43010", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2023-09-14T19:05:11.492Z", "datePublished": "2026-03-12T00:52:05.120Z", "dateUpdated": "2026-03-13T03:55:38.421Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may lead to memory corruption"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.7.15", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "15.8.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption."}], "references": [{"url": "https://support.apple.com/en-us/120877"}, {"url": "https://support.apple.com/en-us/120300"}, {"url": "https://support.apple.com/en-us/120879"}, {"url": "https://support.apple.com/en-us/126646"}, {"url": "https://support.apple.com/en-us/126632"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-12T00:52:05.120Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2023-43010"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T03:55:38.421Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2026/Mar/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-12T23:06:37.916Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2026/Mar/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-12T23:06:37.916Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-43010", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T13:58:02.667006Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T13:57:55.842Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.7.15", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.8.7", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/120877"}, {"url": "https://support.apple.com/en-us/120300"}, {"url": "https://support.apple.com/en-us/120879"}, {"url": "https://support.apple.com/en-us/126646"}, {"url": "https://support.apple.com/en-us/126632"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may lead to memory corruption"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-12T00:52:05.120Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43010", "state": "PUBLISHED", "dateUpdated": "2026-03-12T23:06:37.916Z", "dateReserved": "2023-09-14T19:05:11.492Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-03-12T00:52:05.120Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption."}, {"lang": "es", "value": "El problema se abord\u00f3 con un manejo de memoria mejorado. Este problema se solucion\u00f3 en iOS 17.2 y iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 y iPadOS 16.7.15, iOS 15.8.7 y iPadOS 15.8.7. El procesamiento de contenido web dise\u00f1ado maliciosamente puede provocar corrupci\u00f3n de memoria."}], "id": "CVE-2023-43010", "lastModified": "2026-03-13T19:53:46.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-12T01:15:54.493", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/120300"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/120877"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/120879"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126632"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126646"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2026/Mar/1"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2025:10364", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "webkitgtk4-0:2.48.3-2.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2024:9636", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.46.3-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9680", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "webkit2gtk3-0:2.46.3-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9679", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "webkit2gtk3-0:2.46.3-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9679", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "webkit2gtk3-0:2.46.3-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9679", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "webkit2gtk3-0:2.46.3-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9653", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "webkit2gtk3-0:2.46.3-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9653", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "webkit2gtk3-0:2.46.3-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9653", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "webkit2gtk3-0:2.46.3-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9646", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "webkit2gtk3-0:2.46.3-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:8180", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.46.1-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:9144", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.44.3-2.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:8496", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "webkit2gtk3-0:2.46.1-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-10-28T00:00:00Z"}, {"advisory": "RHSA-2024:8492", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "webkit2gtk3-0:2.46.1-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-28T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: Processing maliciously crafted web content may lead to memory corruption", "id": "2448778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448778"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling."], "mitigation": {"lang": "en:us", "value": "Do not process or load untrusted web content with WebKitGTK.\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."}, "name": "CVE-2023-43010", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-43010\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-43010\nhttps://webkitgtk.org/security/WSA-2026-0001.html"], "statement": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause memory corruption and the possibility of remote code execution is not discarded.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,17.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iOS and iPadOS", "source": "cna", "vendor": "Apple"}, "product": "ios_and_ipados", "vendor": "apple"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,16.7.15)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iOS and iPadOS", "source": "cna", "vendor": "Apple"}, "product": "ios_and_ipados", "vendor": "apple"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,15.8.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iOS and iPadOS", "source": "cna", "vendor": "Apple"}, "product": "ios_and_ipados", "vendor": "apple"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,14.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,17.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Safari", "source": "cna", "vendor": "Apple"}, "product": "safari", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-20T01:51:47.835960+00:00", "value": {"mitigation_remediation": ["Install the latest Apple security updates for iOS\u202f17.2 or later, iPadOS\u202f17.2 or later, macOS\u202fSonoma\u202f14.2 or later, and Safari\u202f17.2 or later.", "Apply the latest RedHat Enterprise Linux security patches for all affected RHEL\u202f8 and RHEL\u202f9 releases, including the extended support streams.", "If immediate patching is not possible, restrict browsing of untrusted web content by disabling or sandboxing WebKitGTK usage."], "summary": {"action": "Immediate Patch", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "Apple devices that embed WebKitGTK\u2014including Safari on macOS, iOS, and iPadOS\u2014are affected. The issue is fixed in iOS\u202f17.2, iPadOS\u202f17.2, macOS Sonoma\u202f14.2, Safari\u202f17.2, iOS\u202f16.7.15, iPadOS\u202f16.7.15, iOS\u202f15.8.7, and iPadOS\u202f15.8.7. In addition, all RedHat Enterprise Linux releases 8 and 9, including the 8.2, 8.4, 8.6, 8.8, 9.0, 9.2 and the extended support streams (RHEL AU, E4S, EUS, TUS, ELStream\u202f7), are listed as affected products by their CPE identifiers. Devices or servers running earlier or non\u2011patched versions of these operating systems or browsers remain vulnerable.", "description_and_impact": "Processing maliciously crafted web content may trigger a memory corruption bug in the WebKitGTK engine. The vulnerability is a classic buffer overflow (CWE-120) that can corrupt memory managed by the browser, potentially allowing an attacker to execute arbitrary code or crash the process.", "risk_and_exploitability": "With a CVSS score of 8.8 the vulnerability is classified as high severity, yet its EPSS score is reported to be less than 1\u202f%, indicating a low likelihood of current exploitation. It is not present in the CISA KEV catalog, and no public exploits are known. The attack vector is inferred to be remote, requiring an attacker to deliver malicious web content that is rendered by the affected browser or component. Successful exploitation could grant an attacker arbitrary code execution on the host or a denial\u2011of\u2011service through memory corruption."}}}}, "created": "2026-03-12T09:54:58.929110+00:00", "updated": "2026-03-20T15:36:21.139107+00:00", "vendors": ["apple", "apple$PRODUCT$ios_and_ipados", "apple$PRODUCT$macos", "apple$PRODUCT$safari"]}