CVE-2023-40448

8.6 HIGH

Published: September 27, 2023 Modified: November 04, 2025

Description

The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://seclists.org/fulldisclosure/2023/Oct/10

Source: product-security@apple.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2023/Oct/3

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2023/Oct/4

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2023/Oct/8

Source: product-security@apple.com

https://support.apple.com/en-us/HT213927

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213936

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213937

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213938

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213940

Source: product-security@apple.com

Vendor Advisory

http://seclists.org/fulldisclosure/2023/Oct/10