CVE-2023-28204

ENISA EUVD: EUVD-2023-31912 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 21 articles Published: 2023-06-23

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.08%

probability

This CVE has a 0.08% probability of being exploited in the next 30 days.

0% Top 22.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

6.5

MEDIUM

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Description

VulnerabilityLookup (CNA)

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.

Affected Products

Apple

macOS

unspecified

Apple

Safari

unspecified

Apple

watchOS

unspecified

Apple

iOS and iPadOS

unspecified

Apple

iOS and iPadOS

unspecified

apple

safari

apple

ipados

apple

iphone os

apple

macos

apple

tvos

Apple

iOS and iPadOS

unspecified <16.5

Apple

tvOS

unspecified <16.5

Apple

iOS and iPadOS

unspecified <15.7

Apple

macOS

unspecified <13.4

Apple

watchOS

unspecified <9.5

Apple

Safari

unspecified <16.5

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-125 · Out-of-bounds Read CWE-664 · Improper Control of a Resource Through its Lifetime

Google Project Zero

Patched

May 1, 2023

Reported by

???

Root Cause Analysis

???

https://support.apple.com/en-us/HT213758

https://support.apple.com/en-us/HT213762

https://support.apple.com/en-us/HT213764

https://support.apple.com/en-us/HT213765

https://support.apple.com/en-us/HT213757

https://support.apple.com/en-us/HT213761

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.08%

CVSS v3.1 6.5

Mentions 21

Last Seen Mar 11, 2025

CNA Information

CNA Assigner

apple

Analyst Note

CVE-2023-28204 demonstrates strong confirmation indicators: Apple's official advisory explicitly states active exploitation in the wild, it was reported by Google Project Zero, and multiple credible sources document sophisticated attack campaigns. The out-of-bounds read vulnerability affecting multiple Apple platforms with coordinated patching across iOS, macOS, tvOS, and Safari further corroborates the confirmed status.

Triage Info

Decided atMar 03, 2026

Published DateJun 23, 2023