CVE-2023-42917
Key Information
- Vendor: Apple
- Status
- Safari
- macOS
- iOS and iPadOS
- CVE Published: 30 November 2023
Summary
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-42917 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Affected Version(s)
Safari < 17.1
macOS < 14.1
iOS and iPadOS < 17.1
News Articles
Apple Fixes Two Actively Exploited WebKit Bugs
The bugs (CVE-2023-42916 and CVE-2023-42917) enable sensitive information disclosure and arbitrary code execution.
9 months ago
Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) - Help Net Security
Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) exploited against versions of iOS before iOS 16.7.1.
1 year ago
Timeline
- Exploit exists.
- First article discovered by Help Net Security.
- Vulnerability published.
- Vulnerability reserved.