CVE-2023-42917

CVSS 8.8 HIGH | EPSS 9.4% | KEV | CWE-787

In short

A memory corruption flaw in Apple's web processing could allow attackers to run malicious code on your device when you visit a harmful website. This has been fixed in recent updates to iOS, iPadOS, macOS, and Safari.

Technical detail

A heap buffer overflow (CWE-787) in web content processing allows remote code execution via crafted web pages. The vulnerability requires user interaction (visiting a malicious site) and affects iOS, iPadOS, macOS, and Safari. Fixed through improved synchronization primitives in versions iOS 17.1.2+, macOS Sonoma 14.1.2+, and Safari 17.1.2+.

Summary generated and translated by AI from the official description.
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
