Memory Handling Vulnerability in Apple Products
CVE-2023-42898

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS And iPad OS; TV OS; Mac OS; Watch OS
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-42898?

A memory handling issue in Apple's software can lead to arbitrary code execution when processing crafted images. This vulnerability affects various Apple platforms, necessitating updates to macOS Sonoma 14.2, watchOS 10.2, iOS 17.2, iPadOS 17.2, and tvOS 17.2 to mitigate potential exploitation. Users are urged to apply available patches immediately to secure their devices.

Affected Version(s)

iOS and iPadOS < 17.2

macOS < 14.2

tvOS < 17.2

References

https://support.apple.com/en-us/HT214035

https://support.apple.com/en-us/HT214040

https://support.apple.com/en-us/HT214036

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Sep 14, 2023