Threats / Apple / CVE-2023-41993
CVE-2023-41993
· EUVD no mirror located
· GCVE no mirror located
Verified 2026-06-22
Apple Multiple Products vulnerability
Apple WebKit vulnerability in iOS, iPadOS, macOS, and Safari allows remote code execution through maliciously crafted web content. Affects multiple Apple products and third-party applications using WebKit.
Verdict
Today item — known-exploited.
Unspecified code execution vulnerability in WebKit HTML parsing. Exploited in the wild. Impacts Apple platforms and any third-party software relying on WebKit for content rendering. Requires user interaction with malicious web content.
01
Is it exploitable?
— the evidence, ranked above the scoreExploit available
Public proof-of-concept exploit code is cataloged for this vulnerability.We link the existence of the exploit; we do not host or redistribute payloads.
Reported exploitation
20 independent public reports of in-the-wild exploitation are cataloged.Distinct reporting sources (vendor, incident response, government); open them for the underlying claims.
Exploited in the wild
Listed in the CISA Known Exploited Vulnerabilities catalog (added 2023-09-25).
Probability (EPSS)
EPSS 0.29179 — modeled likelihood of exploitation activity.EPSS is a daily-changing model output — open the source for today's value.
Severity / affected
Affected: Apple, Multiple Products. Confirm exact fixed builds in the vendor advisory.
Weakness (CWE)
Mapped to CWE-754 Improper Check for Unusual Conditions.CWE assignment from the public NVD record; the weakness class drives how the flaw is exploited.
02
Who’s exploiting it?
— attribution turns risk into urgencyAttribution not established
No confirmed (advisory-backed) threat-actor attribution is established for this record. Absence of a named actor is not absence of compromise — see Coverage & confidence.
03
Why it matters
— the attack path, told twice: adversary, then board1
Front door — unauthenticated access narrative 1
Attacker
I craft malicious web content designed to exploit WebKit's HTML parsing logic.
Business
Attackers gain ability to execute arbitrary code on victim devices without user awareness of the exploit mechanism.
2
Keys to the kingdom — privilege/identity takeover narrative 2
Attacker
I host the malicious content on a website or distribute it via email, messaging, or social engineering.
Business
Attack surface expands across web browsing, email clients, and messaging applications that embed WebKit renderers.
3
Lateral reach — past segmentation narrative 3
Attacker
I achieve code execution when a user visits the malicious page or views the content in a vulnerable application.
Business
Compromised devices become entry points for data theft, malware installation, or lateral movement within enterprise networks.
04
What to do
— defensible action- Remediate per the vendor advisory — confirm the fixed build for your version and verify exposure.1
Say it to the boardA vulnerability with this evidence profile is a defensible budget line, not a backlog ticket — fund the change against the proof above.
05