Out-of-Bounds Read Vulnerability in Apple iOS and macOS Products
CVE-2023-42916

6.5MEDIUM

Key Information:

Vendor
Apple
Status
Safari
Mac OS
iOS And iPad OS
Vendor
CVE Published:
30 November 2023

Badges

👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

An out-of-bounds read vulnerability has been identified in Apple’s iOS, iPadOS, macOS, and Safari products. This flaw can potentially allow an attacker to access sensitive information through abnormal web content processing. Apple has released updates to address this issue in iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2. There are reports indicating that this vulnerability could have been exploited in earlier versions before iOS 16.7.1, highlighting the importance of upgrading to the latest software versions to ensure maximum security.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Affected Version(s)

iOS and iPadOS < 17.1

macOS < 14.1

Safari < 17.1

News Articles

favicon imageCybersecurityNews

Apple Urgently Patches Zero-day Flaw Exploited in the Wild

Apple has released an emergency security update for patching two actively exploited zero-day vulnerabilities on iOS.

3 days ago

favicon imageDuo Security

Apple Fixes Two Actively Exploited WebKit Bugs

The bugs (CVE-2023-42916 and CVE-2023-42917) enable sensitive information disclosure and arbitrary code execution.

favicon imageHelp Net Security

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) - Help Net Security

Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) exploited against versions of iOS before iOS 16.7.1.

References

https://support.apple.com/en-us/HT214033
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214031

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • 📰

    First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved

.