theinfosecnews

CVE-2023-43000

CISA KEV

Published March 5, 2026 · Updated April 3, 2026

high

What This Means

**CVE-2023-43000: WebKit Use-After-Free in Apple Products**

A use-after-free vulnerability exists in WebKit (Apple's browser engine) across macOS, iOS, iPadOS, and Safari 16.6 that allows attackers to corrupt memory by serving maliciously crafted web content. Successful exploitation results in arbitrary code execution with the privileges of the affected application or user. Patch immediately to Safari 16.6.1 or later, macOS 13.5.1 or later, iOS 16.5.1 or later, and iPadOS 16.5.1 or later; this vulnerability is actively exploited in the wild.

Official Description

Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.

Affected Products

| Vendor | Product |
| --- | --- |
| Apple | Multiple Products |

Patch Status

Patch by 2026-03-26

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2023-43000.