CVE-2023-42916
CVE-2023-42916
In short
A vulnerability in Apple devices allows malicious websites to read sensitive information from device memory by processing specially crafted web content. This happens because the software doesn't properly validate input before accessing memory.
Technical detail
An out-of-bounds read vulnerability in web content processing allows an unauthenticated attacker to disclose sensitive information through a malicious webpage. The flaw stems from insufficient input validation during memory access operations; exploitation requires user interaction with the malicious content.
Summary generated and translated by AI from the official description.
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://seclists.org/fulldisclosure/2023/Dec/12http://seclists.org/fulldisclosure/2023/Dec/13http://seclists.org/fulldisclosure/2023/Dec/3http://seclists.org/fulldisclosure/2023/Dec/4http://seclists.org/fulldisclosure/2023/Dec/5http://seclists.org/fulldisclosure/2023/Dec/8http://seclists.org/fulldisclosure/2024/Jan/35https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/https://security.gentoo.org/glsa/202401-04https://support.apple.com/en-us/HT214031https://support.apple.com/en-us/HT214032