CVE-2023-38592
Published: 2023-07-28
CVE-2023-38592: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing…
Priority P351 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 1.10% (61.6th percentile)
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.6_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 16.6 | 16.6 |
| apple | ipados | >= 16.0 < 16.6 | 16.6 |
| apple | iphone_os | >= 16.0 < 16.6 | 16.6 |
| apple | macos | >= 13.0 < 13.5 | 13.5 |
| apple | macos | >= unspecified < 13.5 | 13.5 |
| apple | macos_ventura | — | — |
| apple | safari | — | — |
| apple | tvos | < 16.6 | 16.6 |
| apple | tvos | — | — |
| apple | tvos | >= unspecified < 16.6 | 16.6 |
| apple | watchos | < 9.6 | 9.6 |
| apple | watchos | — | — |
| apple | watchos | >= unspecified < 9.6 | 9.6 |
| debian | webkit2gtk | < webkit2gtk 2.40.5-1~deb12u1 (bookworm) | webkit2gtk 2.40.5-1~deb12u1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.40.5-1~deb12u1 (bookworm) | webkit2gtk 2.40.5-1~deb12u1 (bookworm) |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 8.8 HIGH
vendor_debian · 8.8 HIGH
vendor_redhat · 8.8 HIGH
GHSA
GHSA-959x-mqwc-q2fp: A logic issue was addressed with improved restrictions
ghsa_unreviewed·2023-07-28
CVE-2023-38592 [HIGH] GHSA-959x-mqwc-q2fp: A logic issue was addressed with improved restrictions
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.
OSV
CVE-2023-38592: A logic issue was addressed with improved restrictions
osv·2023-07-28·CVSS 8.8
CVE-2023-38592 [HIGH] CVE-2023-38592: A logic issue was addressed with improved restrictions
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.
Ubuntu
WebKitGTK vulnerabilities
vendor_ubuntu·2023-08-15
CVE-2023-38572 WebKitGTK vulnerabilities
Title: WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Red Hat
webkitgtk: Processing web content may lead to arbitrary code execution
vendor_redhat·2023-08-02·CVSS 8.8
CVE-2023-38592 [HIGH] CWE-119 webkitgtk: Processing web content may lead to arbitrary code execution
webkitgtk: Processing web content may lead to arbitrary code execution
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.
A flaw was found in WebKitGTK. This issue occurs when processing malicious web content, which may lead to arbitrary code execution.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Affected
Apple
CVE-2023-38592: tvOS 16.6
vendor_apple·2023-07-24·CVSS 8.8
CVE-2023-38592 [HIGH] CVE-2023-38592: tvOS 16.6
Apple Security Update: About the security content of tvOS 16.6
Product: tvOS
Version: 16.6
CVE: CVE-2023-38592
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2023-38592: iOS 16.6 and iPadOS 16.6
vendor_apple·2023-07-24·CVSS 8.8
CVE-2023-38592 [HIGH] CVE-2023-38592: iOS 16.6 and iPadOS 16.6
Apple Security Update: About the security content of iOS 16.6 and iPadOS 16.6
Product: iOS 16.6 and iPadOS
Version: 16.6
CVE: CVE-2023-38592
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2023-38592: macOS Ventura 13.5
vendor_apple·2023-07-24·CVSS 8.8
CVE-2023-38592 [HIGH] CVE-2023-38592: macOS Ventura 13.5
Apple Security Update: About the security content of macOS Ventura 13.5
Product: macOS Ventura
Version: 13.5
CVE: CVE-2023-38592
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2023-38592: watchOS 9.6
vendor_apple·2023-07-24·CVSS 8.8
CVE-2023-38592 [HIGH] CVE-2023-38592: watchOS 9.6
Apple Security Update: About the security content of watchOS 9.6
Product: watchOS
Version: 9.6
CVE: CVE-2023-38592
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2023-38592: Safari 16.6
vendor_apple·2023-07-24·CVSS 8.8
CVE-2023-38592 [HIGH] CVE-2023-38592: Safari 16.6
Apple Security Update: About the security content of Safari 16.6
Product: Safari
Version: 16.6
CVE: CVE-2023-38592
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
Debian
CVE-2023-38592: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in i...
vendor_debian·2023·CVSS 8.8
CVE-2023-38592 [HIGH] CVE-2023-38592: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in i...
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.40.5-1~deb12u1)
bullseye: resolved (fixed in 2.40.5-1~deb11u1)
forky: resolved (fixed in 2.40.5-1)
sid: resolved (fixed in 2.40.5-1)
trixie: resolved (fixed in 2.40.5-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2023/08/02/1
https://lists.fedoraproject.org/archives/list/[email protected]/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/
https://lists.fedoraproject.org/archives/list/[email protected]/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/
https://security.gentoo.org/glsa/202401-04
https://support.apple.com/en-us/HT213841
https://support.apple.com/en-us/HT213843
https://support.apple.com/en-us/HT213846
https://support.apple.com/en-us/HT213848
https://www.debian.org/security/2023/dsa-5468
Published: 2023-07-28