Cyber Posture

CVE-2023-43010

High

Published: 12 March 2026

Modified: 25 March 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (15.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-43010 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple iPadOS. Its CVSS base score is 8.8 (High).

Operationally, it is ranked at the 15.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Mandates timely identification, reporting, and correction of the WebKit memory corruption flaw via vendor patches like iOS 17.2 and Safari 17.2.

prevent

Implements memory-resident code protections such as address space randomization and stack guards to directly counter out-of-bounds write vulnerabilities in WebKit.

prevent, detect

Deploys malicious code protection mechanisms to scan, detect, and block crafted web content exploiting the WebKit memory handling deficiency.

NVD Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

Deeper analysis [AI]

CVE-2023-43010 is a memory corruption vulnerability stemming from inadequate memory handling, classified under CWE-787 (Out-of-bounds Write). It affects Apple's WebKit engine, as used in Safari and integrated into iOS, iPadOS, and macOS Sonoma. The flaw is triggered by processing maliciously crafted web content and was assigned a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Remote attackers can exploit this vulnerability by enticing users to interact with specially crafted web content, such as visiting a malicious website, requiring no privileges but relying on user interaction. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially enabling arbitrary code execution, data theft, or system compromise on affected devices.

Apple addressed the issue through improved memory handling in multiple releases: iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, as well as iOS 15.8.7 and iPadOS 15.8.7. Security practitioners should prioritize updating affected systems to these versions or later, with further details available in Apple's security advisories at https://support.apple.com/en-us/120300, https://support.apple.com/en-us/120877, https://support.apple.com/en-us/120879, https://support.apple.com/en-us/126632, and https://support.apple.com/en-us/126646.

Details

CWE(s)

Affected Products

apple safari: ≤ 17.2
apple ipados: ≤ 15.8.7 · 16.0 to 16.7.15 · 17.0 to 17.2
apple iphone os: ≤ 15.8.7 · 16.0 to 16.7.15 · 17.0 to 17.2
apple macos: ≤ 14.2

CVEs Like This One

CVE-2025-43202 (same product: Apple iPadOS)
CVE-2025-43300 (same product: Apple iPadOS)
CVE-2026-20616 (same product: Apple iPadOS)
CVE-2025-24257 (same product: Apple iPadOS)
CVE-2024-54543 (same product: Apple iPadOS)
CVE-2024-54523 (same product: Apple iPadOS)
CVE-2024-54517 (same product: Apple iPadOS)
CVE-2025-24118 (same product: Apple iPadOS)
CVE-2025-24150 (same product: Apple iPadOS)
CVE-2024-54522 (same product: Apple iPadOS)
