CVE-2023-40417 — Apple IOS AND Ipados vulnerability

7 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.4%

top 37.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Safari +3 more

Timeline

PublishedSep 27

Description

A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages9 packages

▶CVEListV5apple/macosunspecified — 14

▶NVDapple/macos< 14.0

▶CVEListV5apple/safariunspecified — 17

▶NVDapple/ipados< 17.0

▶NVDapple/safari< 17.0

🔴Vulnerability Details

GHSA

GHSA-w477-vjwg-hjjx: A window management issue was addressed with improved state management↗2023-09-27

▶

CVEList

CVE-2023-40417: A window management issue was addressed with improved state management↗2023-09-26

▶

📋Vendor Advisories

Apple

CVE-2023-40417: macOS Sonoma 14↗2023-09-26

▶

Apple

CVE-2023-40417: Safari 17↗2023-09-26

▶

Apple

CVE-2023-40417: iOS 17 and iPadOS 17↗2023-09-18

▶

Apple

CVE-2023-40417: watchOS 10↗2023-09-18

▶