CVE-2023-42916

ENISA EUVD: EUVD-2023-47337 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: Feb. 18, 2026 11 articles Published: 2023-11-30
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.05%
probability
This CVE has a 0.05% probability of being exploited in the next 30 days.
0% Top 15.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
6.5
MEDIUM
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Description

VulnerabilityLookup (CNA)
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Affected Products

Apple
Safari
unspecified
Apple
macOS
unspecified
Apple
iOS and iPadOS
unspecified

Attack Intelligence

Google Project Zero

Patched
Nov. 30, 2023
Reported by
Clément Lecigne of Google's Threat Analysis Group
Root Cause Analysis
???

Signal Intelligence

Confidence
92%
EPSS 0.05%
CVSS v3.1 6.5
Mentions 11
Last Seen Mar 11, 2025

CNA Information

CNA Assigner
apple

Analyst Note

This CVE is confirmed as an actively exploited zero-day with strong evidence of real-world attacks described as 'extremely sophisticated' by Apple and documented by Google Project Zero. Multiple credible sources (BleepingComputer) corroborate active exploitation in the wild, and Apple has issued security patches across iOS, iPadOS, macOS, and Safari, with explicit acknowledgment of prior exploitation.

Triage Info

Decided atFeb 18, 2026
Published DateNov 30, 2023