Memory Handling Vulnerability in Apple Products
CVE-2023-42866

8.8HIGH

Key Information:

Vendor: Apple
Status: Safari; tvOS; iOS and iPadOS; macOS
Vendor: CVE Published:; 10 January 2024

What is CVE-2023-42866?

A vulnerability affecting multiple Apple products was identified that relates to improper memory handling during web content processing. This flaw has the potential to allow malicious actors to execute arbitrary code on affected devices, thereby compromising security. Apple has provided fixes in macOS Ventura 13.5, iOS 16.6, iPadOS 16.6, tvOS 16.6, Safari 16.6, and watchOS 9.6, underscoring the necessity for users to update their systems promptly to mitigate risks.

Affected Version(s)

iOS and iPadOS < 16.6

macOS < 13.5

Safari < 16.6

References

https://support.apple.com/en-us/HT213847

https://support.apple.com/en-us/HT213846

https://support.apple.com/en-us/HT213841

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2024
Vulnerability Reserved
Sep 14, 2023