CVE-2023-32439
ENISA EUVD: EUVD-2023-36683 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: Feb. 18, 2026
19 articles
Published: 2023-06-23
EPSS Score
Source: FIRST.org · 2026-05-23
1.16%
probability
This CVE has a 1.16% probability
of being exploited in the next 30 days.
0%
Top 78.8th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
VulnerabilityLookup (CNA)A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Affected Products
Apple
iOS and iPadOS
unspecified
Apple
Safari
unspecified
Apple
iOS and iPadOS
unspecified
Apple
macOS
unspecified
Attack Intelligence
Google Project Zero
Patched
June 21, 2023
Reported by
???
Root Cause Analysis
???
Signal Intelligence
Confidence
95%
EPSS
1.16%
CVSS v3.1
8.8
Mentions
19
Last Seen
Mar 11, 2025
CNA Information
CNA Assigner
apple
Analyst Note
CVE-2023-32439 is a confirmed zero-day with strong evidence of active exploitation in sophisticated attacks, validated by Apple's official disclosure and Google Project Zero listing. The HIGH CVSS score (8.8), multiple security publications documenting real-world exploitation, and the vendor's acknowledgment of weaponized use establish this as a credible and serious vulnerability.
Triage Info
Decided atFeb 18, 2026
Published DateJun 23, 2023