Memory Handling Flaw in Apple Products Leading to Code Execution
CVE-2023-42899

7.8HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Mac OS; TV OS; Watch OS
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-42899?

A memory handling issue has been identified in certain Apple products, allowing for the potential execution of arbitrary code when processing an image. This vulnerability affects various systems including macOS, iOS, watchOS, and tvOS, underscoring the importance of regular updates for maintaining security. Apple has released fixes in their latest versions to address this critical concern.

Affected Version(s)

iOS and iPadOS < 17.2

iOS and iPadOS < 16.7

macOS < 13.6

References

https://support.apple.com/en-us/HT214035

https://support.apple.com/en-us/HT214034

https://support.apple.com/en-us/HT214038

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Sep 14, 2023