Use-After-Free Vulnerability in Apple Products
CVE-2023-41976

8.8HIGH

Key Information:

Vendor: Apple
Status: iOS and iPadOS; Safari; tvOS; macOS
Vendor: CVE Published:; 25 October 2023

Summary

A critical use-after-free vulnerability exists in several Apple products, where flawed memory management could potentially allow an attacker to execute arbitrary code through specially crafted web content. Users are encouraged to update their devices to the latest versions to mitigate this security risk.

Affected Version(s)

iOS and iPadOS < 16.7

iOS and iPadOS < 17.1

macOS < 14.1

References

https://support.apple.com/en-us/HT213981

https://support.apple.com/en-us/HT213986

https://support.apple.com/en-us/HT213987

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2023
Vulnerability Reserved
Sep 6, 2023