Memory Corruption Vulnerability in Apple Products
CVE-2023-42917

8.8HIGH

Key Information:

Vendor
Apple
Status
Safari
Mac OS
iOS And iPad OS
Vendor
CVE Published:
30 November 2023

Badges

๐Ÿ‘พ Exploit Exists๐Ÿฆ… CISA Reported๐Ÿ“ฐ News Worthy

Summary

A memory corruption flaw has been discovered in various Apple products, including iOS, iPadOS, macOS, and Safari. This vulnerability can lead to arbitrary code execution when processing web content. Apple has addressed this issue in updates for iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2. Users are encouraged to update their devices to mitigate potential exploitation of this vulnerability, which may affect earlier versions of iOS before 16.7.1.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Affected Version(s)

iOS and iPadOS < 17.1

macOS < 14.1

Safari < 17.1

News Articles

favicon imageCybersecurityNews

Apple Urgently Patches Zero-day Flaw Exploited in the Wild

Apple has released an emergency security update for patching two actively exploited zero-day vulnerabilities on iOS.

3 days ago

favicon imageDuo Security

Apple Fixes Two Actively Exploited WebKit Bugs

The bugs (CVE-2023-42916 and CVE-2023-42917) enable sensitive information disclosure and arbitrary code execution.

favicon imageHelp Net Security

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) - Help Net Security

Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) exploited against versions of iOS before iOS 16.7.1.

References

https://support.apple.com/en-us/HT214033
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214031

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿฆ…

    CISA Reported

  • ๐Ÿ“ฐ

    First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved

.