CVE-2023-37450
ENISA EUVD: EUVD-2023-41350 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: Feb. 18, 2026
18 articles
Published: 2023-07-26
EPSS Score
Source: FIRST.org · 2026-05-23
0.07%
probability
This CVE has a 0.07% probability
of being exploited in the next 30 days.
0%
Top 22.1th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
VulnerabilityLookup (CNA)The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Affected Products
Apple
Safari
unspecified
Apple
tvOS
unspecified
Apple
iOS and iPadOS
unspecified
Apple
macOS
unspecified
Apple
watchOS
unspecified
Google Project Zero
Patched
July 10, 2023
Reported by
???
Root Cause Analysis
???
Signal Intelligence
Confidence
92%
EPSS
0.07%
CVSS v3.1
8.8
Mentions
18
Last Seen
Mar 11, 2025
CNA Information
CNA Assigner
apple
Analyst Note
CVE-2023-37450 demonstrates clear indicators of active exploitation with confirmed zero-day status from Google Project Zero, high CVSS score (8.8), and multiple credible reports describing sophisticated attacks. Apple's official statement acknowledging active exploitation and issuing patches across multiple platforms further corroborates the confirmed classification.
Triage Info
Decided atFeb 18, 2026
Published DateJul 26, 2023