Logic Issue in Apple Products Could Allow Code Execution
CVE-2023-42852

8.8HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Safari; TV OS; Mac OS
Vendor: CVE Published:; 25 October 2023

What is CVE-2023-42852?

A logic issue within various Apple operating systems has been addressed with improved checks. This vulnerability may allow malicious actors to execute arbitrary code through the processing of specially crafted web content. Users are encouraged to update their devices to the latest software versions to mitigate this risk effectively.

Affected Version(s)

iOS and iPadOS < 16.7

iOS and iPadOS < 17.1

macOS < 14.1

References

https://support.apple.com/en-us/HT213981

https://support.apple.com/en-us/HT213986

https://support.apple.com/en-us/HT213987

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2023
Vulnerability Reserved
Sep 14, 2023