Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption with potential for arbitrary code execution
Action: Immediate Patch
AI Analysis

Impact

WebKitGTK contains a memory handling flaw that allows attackers to craft malicious web pages which, when rendered, can corrupt memory through buffer overflows or out‑of‑bounds writes, potentially leading to arbitrary code execution or denial of service.

Affected Systems

Affected Apple products include Safari on macOS Sonoma as well as iOS and iPadOS devices, with specific patched versions in iOS 17.2, iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, and prior mobile releases; various Red Hat Enterprise Linux releases such as RHEL 8.x and RHEL 9.x are also listed as impacted.

Risk and Exploitability

The CVSS score of 8.8 classifies the issue as high severity, but an EPSS score of less than 1% suggests a low likelihood of current exploitation; the vulnerability is not in the CISA KEV catalog, and exploitation would require an attacker to supply specially crafted web content viewed in Safari or another WebKitGTK‑based component, potentially enabling the user to run arbitrary code.

Generated by OpenCVE AI on March 25, 2026 at 20:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade iOS, iPadOS, macOS, and Safari to the latest patched releases (iOS 17.2, iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2).
  • Apply the latest Red Hat Enterprise Linux security updates that address this WebKitGTK issue, as referenced by the CVE advisories.
  • For systems unable to patch immediately, block or quarantine the known malicious web content or implement a web filter to prevent rendering potentially dangerous pages.

Generated by OpenCVE AI on March 25, 2026 at 20:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
Weaknesses CWE-787
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Fri, 20 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Title webkitgtk: Processing maliciously crafted web content may lead to memory corruption
First Time appeared Redhat
Redhat enterprise Linux
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Els
Redhat rhel Eus
Redhat rhel Tus
Weaknesses CWE-120
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_aus:8.2
cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat
Redhat enterprise Linux
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Els
Redhat rhel Eus
Redhat rhel Tus
References
Metrics threat_severity

None

 threat_severity

Important

Fri, 13 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
References

Thu, 12 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple safari
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple safari

Thu, 12 Mar 2026 01:15:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os Macos Safari
Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-03-13T03:55:38.421Z

Reserved: 2023-09-14T19:05:11.492Z

Link: CVE-2023-43010

cve-icon Vulnrichment

Updated: 2026-03-12T23:06:37.916Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T01:15:54.493

Modified: 2026-03-25T18:45:58.950

Link: CVE-2023-43010

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-18T00:00:00Z

Links: CVE-2023-43010 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T21:29:01Z

Weaknesses