CVE-2023-42833: Code Injection in Apple iOS and iPadOS

CWE-94: Code Injection (9 documents, 7 sources)

Severity: 8.8 HIGH (NVD)
EPSS: 0.6% (top 30.31%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 10
Latest update: Feb 5

Description

A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (7 packages)

CVEListV5 | apple/macos | unspecified | 14
NVD | apple/macos | < 14.0
CVEListV5 | apple/safari | unspecified | 17
NVD | apple/ipados | < 17.0
NVD | apple/safari | < 17.0

🔴 Vulnerability Details (3)

GHSA: GHSA-q6j4-xjv3-96rj: A correctness issue was addressed with improved checks (2024-01-11)
CVEList: CVE-2023-42833: A correctness issue was addressed with improved checks (2024-01-10)
OSV: CVE-2023-42833: A correctness issue was addressed with improved checks (2024-01-10)

📋 Vendor Advisories (5)

Red Hat: webkitgtk: Processing web content may lead to arbitrary code execution (2024-02-05)
Apple: CVE-2023-42833: Safari 17 (2023-09-26)
Apple: CVE-2023-42833: macOS Sonoma 14 (2023-09-26)
Apple: CVE-2023-42833: iOS 17 and iPadOS 17 (2023-09-18)
Debian: CVE-2023-42833: webkit2gtk - A correctness issue was addressed with improved checks. This issue is fixed in m... (2023)