CVE-2023-28206

Vulnerability updated a month ago (2024-11-29T14:28:43.449Z)
Download STIX
Preview STIX
CVE-2023-28206 is a significant software vulnerability that was discovered in April 2023. This flaw, along with another known as CVE-2023-28205, were identified as zero-day vulnerabilities, meaning they were actively exploited before developers had an opportunity to create and distribute patches. These vulnerabilities affected Android, iOS, and Chrome platforms, posing a serious threat to users across these systems. The exploitation of CVE-2023-28206 was particularly severe due to its potential use in attack chains to install spyware on devices. High-risk targets were especially vulnerable, as attackers could utilize this flaw alongside other zero-day and n-day defects in Android, iOS, and Chrome to gain control over their devices. In some instances, a booby-trapped app was used to exploit the second bug (CVE-2023-28206), enabling attackers to take over the entire device. In response to the discovery and active exploitation of these vulnerabilities, Apple released patches for both CVE-2023-28206 and CVE-2023-28205 in April. Following this, a series of interventions took place over subsequent months to address additional zero-days identified in May, June, and July. These efforts underscore the ongoing challenges and necessary responses to software vulnerabilities in maintaining the security of digital platforms.
Description last updated: 2024-05-04T16:15:23.731Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apple
Exploit
Vulnerability
exploited
Webkit
Apple’s
Macos
Ios
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-28205 Vulnerability is associated with CVE-2023-28206. CVE-2023-28205 is a critical risk vulnerability that originated from a missing fix in WebKit #VU74604. This flaw in software design or implementation allowed attackers to take over the browser app of targeted devices remotely, leading to potential data corruption or arbitrary code execution when reuUnspecified
3
Source Document References
Information about the CVE-2023-28206 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
10 months ago
CERT-EU
10 months ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago