CVE-2023-43000

// CVE-2023-43000 PoC - Use-after-free in WebKit // This PoC demonstrates the vulnerability pattern (educational use only) function trigger_uaf() { // Step 1: Create objects that will trigger the vulnerability const arr = new Array(); // Step 2: Create a victim object with specific structure class Victim { constructor() { this.data = new ArrayBuffer(0x1000); this.callback = null; } } // Step 3: Create multiple references for (let i = 0; i < 100; i++) { arr.push(new Victim()); } // Step 4: Trigger garbage collection manipulation // The actual exploit would use timing attacks to achieve UAF // Step 5: Reclaim memory and use freed object // In real exploit: spray heap, reclaim memory, corrupt vtable return arr; } // Mitigation: Update to patched versions console.log('Update to Safari 16.6+, iOS 16.6+, macOS 13.5+');

{"cve": {"id": "CVE-2023-43000", "sourceIdentifier": "[email protected]", "published": "2025-11-05T19:15:47.937", "lastModified": "2026-03-12T13:25:11.910", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "cisaExploitAdd": "2026-03-05", "cisaActionDue": "2026-03-26", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Apple Multiple products Use-After-Free Vulnerability", "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-416"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-416"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "versionEndExcluding": "16.6", "matchCriteriaId": "DB91291B-DB98-4E2A-BDA6-F9B5C48CDC6F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "15.8.7", "matchCriteriaId": "1E574928-4E49-45B0-AE6E-DF4D38897F67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0", "versionEndExcluding": "16.6", "matchCriteriaId": "33013784-1828-4402-81CF-2794D94A7C48"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "15.8.7", "matchCriteriaId": "D1E9DC1A-618A-4CAF-96C7-EC5BA2C1F617"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0", "versionEndExcluding": "16.6", "matchCriteriaId": "4C67BFEB-764A-4C07-A02A-117C6AFAAC6A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "13.5", "matchCriteriaId": "7FB2CB0B-A635-4057-98B8-AF71F9CB0171"}]}]}], "references": [{"url": "https://support.apple.com/en-us/120324", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/120331", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/120338", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126632", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}]}}