CVE-2023-37450 Overview
CVE-2023-37450 is an arbitrary code execution vulnerability in Apple WebKit, the web rendering engine used across Apple's ecosystem including Safari, iOS, iPadOS, macOS, tvOS, and watchOS. The vulnerability allows attackers to execute arbitrary code on affected devices when a user processes maliciously crafted web content. Apple has confirmed active exploitation in the wild, and this vulnerability has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog.
Critical Impact
This vulnerability enables remote arbitrary code execution through malicious web content, with confirmed active exploitation in the wild. All Apple devices using WebKit are potentially affected.
Affected Products
- Apple Safari (versions prior to 16.5.2)
- Apple iOS and iPadOS (versions prior to 16.6)
- Apple macOS Ventura (versions prior to 13.5)
- Apple tvOS (versions prior to 16.6)
- Apple watchOS (versions prior to 9.6)
- WebKitGTK+
Discovery Timeline
- 2023-07-27 - CVE-2023-37450 published to NVD
- 2025-10-23 - Last updated in NVD database
Technical Details for CVE-2023-37450
Vulnerability Analysis
CVE-2023-37450 is a web content processing vulnerability in WebKit that stems from insufficient validation checks during content handling. When a user visits a malicious website or processes specially crafted web content, the vulnerability can be triggered, allowing an attacker to execute arbitrary code within the context of the affected application. The attack requires user interaction—specifically, the victim must be lured to a malicious webpage or induced to process attacker-controlled content.
WebKit serves as the foundation for all web rendering on Apple platforms, meaning this vulnerability has widespread impact across the entire Apple device ecosystem. The network-based attack vector combined with confirmed active exploitation makes this a particularly dangerous vulnerability that organizations should prioritize for remediation.
Root Cause
The root cause of this vulnerability is inadequate input validation and checking mechanisms within WebKit's web content processing functionality. Apple addressed the issue with improved checks, indicating that the original implementation failed to properly validate or sanitize certain web content before processing, creating a code execution pathway.
Attack Vector
The attack leverages the network to deliver malicious web content to target devices. An attacker can exploit this vulnerability by:
- Hosting malicious web content on an attacker-controlled website
- Compromising a legitimate website to inject malicious content
- Delivering malicious content through advertising networks or embedded content
- Sending phishing links via email, SMS, or messaging applications
When the victim accesses the malicious content using any WebKit-based browser or application, the vulnerability is triggered, potentially granting the attacker code execution capabilities on the target device.
The exploitation mechanism involves crafting specific web content that triggers the validation bypass in WebKit's processing routines. Due to the sensitive nature of this actively exploited vulnerability, specific exploitation techniques are not detailed here. For technical details, refer to the Apple Security Advisory and the CISA KEV entry.
Detection Methods for CVE-2023-37450
Indicators of Compromise
- Unexpected Safari or WebKit crashes immediately after visiting untrusted websites
- Abnormal network connections originating from browser processes to unknown external IP addresses
- Suspicious process spawning from Safari or WebKit-dependent applications
- Memory anomalies or unexpected code execution patterns in browser processes
Detection Strategies
- Monitor endpoint behavior for unusual child processes spawned by Safari or WebKit applications
- Deploy network monitoring to detect connections to known malicious infrastructure following web browsing sessions
- Implement browser security policies that restrict access to untrusted or unvetted websites
- Use threat intelligence feeds to block known domains associated with exploitation campaigns
Monitoring Recommendations
- Enable detailed logging for Safari and WebKit processes across managed Apple devices
- Monitor for out-of-band network connections that correlate with browser activity
- Track software version compliance to identify unpatched devices in the environment
- Configure Mobile Device Management (MDM) solutions to report on iOS, iPadOS, and macOS patch levels
How to Mitigate CVE-2023-37450
Immediate Actions Required
- Update all Apple devices to the latest patched versions immediately: iOS 16.6, iPadOS 16.6, Safari 16.5.2, macOS Ventura 13.5, tvOS 16.6, and watchOS 9.6
- Prioritize patching for devices that regularly access untrusted web content
- Communicate the urgency to end users and enforce update policies through MDM where possible
- Review network logs for potential exploitation attempts prior to patching
Patch Information
Apple has released security updates addressing CVE-2023-37450 across all affected platforms. Organizations should immediately apply these updates:
- Safari 16.5.2: Apple Security Update HT213841
- iOS 16.6 and iPadOS 16.6: Apple Security Update HT213841
- macOS Ventura 13.5: Apple Security Update HT213843
- tvOS 16.6: Apple Security Update HT213846
- watchOS 9.6: Apple Security Update HT213848
Linux distributions using WebKitGTK+ should also apply updates. See the Gentoo GLSA 202401-04 for additional guidance.
Workarounds
- Restrict access to untrusted websites through web filtering or proxy solutions until patching is complete
- Consider temporarily using alternative browsers that do not rely on WebKit for high-risk browsing activities
- Implement network segmentation to limit the impact of potential compromise
- Enable Lockdown Mode on iOS devices for high-risk users, which restricts certain web technologies
# Check Safari version on macOS
/Applications/Safari.app/Contents/MacOS/Safari --version
# Check macOS version
sw_vers -productVersion
# Force software update check on macOS
softwareupdate --list
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
