Arbitrary Code Execution Vulnerability in Apple's iOS and macOS Products
CVE-2023-42875

7.3HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Mac OS; Watch OS; TV OS
Vendor: CVE Published:; 11 April 2025

What is CVE-2023-42875?

A vulnerability exists in Apple's operating systems and browsers that could allow attackers to execute arbitrary code via processed web content. The flaw arises from improper memory handling, which has been addressed in recent updates across various Apple platforms, including iOS, iPadOS, macOS, watchOS, tvOS, and Safari. Users are urged to update their devices to mitigate potential risks associated with this vulnerability.

Affected Version(s)

iOS and iPadOS < 17

macOS < 14

Safari < 17

References

https://support.apple.com/en-us/120949

https://support.apple.com/en-us/120950

https://support.apple.com/en-us/120948

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Sep 14, 2023