CVE-2023-42916: Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Published Nov 30, 2023
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
an anonymous researcher, Zhenjiang Zhao (Pangu Team), Qianxin, Junsung Lee, Meysam Firouzi (@R00tkitSMM), Eloi Benoist-Vanderbeken (@elvanderb, Synacktiv), CVE-2023-42893, Csaba Fitzl (@theevilbit, OffSec), Zhongquan Li (@Guluisacat, Dawn Security Lab of JingDong), Csaba Fitzl (@theevilbit, Offensive Security), Joshua Jewett (@JoshJewett33), Pwn2car, Zoom Offensive Security Team, Clément Lecigne (Google's Threat Analysis Group), Nan Wang (@eternalsakura13, 360 Vulnerability Research Institute), rushikesh nandedkar, rushikesh nandedka, Noah Roskin-Frazee, Pr, Kirin (@Pwnrin), Michael DePlante (@izobashi, Trend Micro Zero Day Initiative)
Affected Software
34 affected components (fixes available)
ubuntu/webkit2gtk < 2.42.3-0ubuntu0.22.04.1 (fixed in 2.42.3-0ubuntu0.22.04.1)
ubuntu/webkit2gtk < 2.42.3-0ubuntu0.23.04.1 (fixed in 2.42.3-0ubuntu0.23.04.1)
ubuntu/webkit2gtk < 2.42.3-0ubuntu0.23.10.1 (fixed in 2.42.3-0ubuntu0.23.10.1)
ubuntu/webkit2gtk < 2.42.3 (fixed in 2.42.3)
debian/webkit2gtk <= 2.36.4-1~deb10u1, <= 2.38.6-0+deb10u1, <= 2.42.2-1~deb11u1, <= 2.42.2-1~deb12u1 (fixed in 2.42.5-1~deb11u1, 2.42.5-1~deb12u1, 2.42.5-1, 2.44.1-1)
debian/wpewebkit <= 2.38.6-1~deb11u1, <= 2.38.6-1 (fixed in 2.42.5-1, 2.44.1-1)
Apple Multiple Products
Apple macOS Sonoma < 14.1.2 (fixed in 14.1.2)
Apple tvOS < 17.2 (fixed in 17.2)
Apple iPhone
Apple Mac
Apple TV
Apple Watch
Apple watchOS < 10.2 (fixed in 10.2)
Apple Safari < 17.1.2 (fixed in 17.1.2)
Apple iOS < 17.1.2 (fixed in 17.1.2)
Apple iPadOS < 17.1.2 (fixed in 17.1.2)
Apple iOS < 16.7.3 (fixed in 16.7.3)
Apple iPadOS < 16.7.3 (fixed in 16.7.3)
Apple iOS < 15.8.1 (fixed in 15.8.1)
Apple iPadOS < 15.8.1 (fixed in 15.8.1)
Apple Safari < 17.1.2
Apple iPadOS < 15.8.1
Apple iPadOS >= 16.0, < 16.7.3
Apple iPadOS >= 17.0, < 17.1.2
Apple iPhone OS < 15.8.1
Apple iPhone OS >= 16.0, < 16.7.3
Apple iPhone OS >= 17.0, < 17.1.2
Apple macOS >= 14.0, < 14.1.2
Fedoraproject Fedora = 38
Fedoraproject Fedora = 39
Debian Debian Linux = 11.0
Debian Debian Linux = 12.0
WebKitGTK Webkitgtk+ < 2.42.3
Remediation
Information
Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Event History
Nov 30, 2023
  CVE Published via Ubuntu, 12:00 AM
  CVE Published via MITRE, 10:18 PM
  Data Sourced via MITRE, 10:18 PM (Description, Weakness)
  Data Sourced via NVD, 11:15 PM (Description, Severity, Weakness, Affected Software)
Dec 1, 2023
  News Published, 09:31 PM
Dec 4, 2023
  Known Exploited via CISA, 12:00 AM
Dec 5, 2023
  Data Sourced via Red Hat, 07:33 PM (Description, Severity, Affected Software)
Dec 11, 2023
  Data Sourced via Apple, 12:00 AM (Description, Weakness, Affected Software)
  Updated via Apple, 12:00 AM (Description, Weakness)
  Updated via Apple, 12:00 AM (Description)
  Updated via Apple, 12:00 AM (Description, Weakness, Affected Software)
  Updated via Apple, 12:00 AM (Description, Affected Software)
Dec 13, 2023
  News Published, 12:41 AM
Jan 31, 2024
  News Published via BleepingComputer, 07:02 PM
  News Published via BleepingComputer, 07:04 PM
Feb 1, 2024
  Data Sourced via Launchpad, 04:37 PM (Description)
Frequently Asked Questions
1. What is the vulnerability ID for this issue?
   The vulnerability ID for this issue is CVE-2023-42916.
2. What is the title of this vulnerability?
   The title of this vulnerability is 'WebKit. An out-of-bounds read was addressed with improved input validation.'
3. What is the severity of CVE-2023-42916?
   The severity of CVE-2023-42916 is not mentioned in the description.
4. How can this vulnerability be exploited?
   This vulnerability can be exploited by processing web content, which may disclose sensitive information.
5. How can I fix this vulnerability?
   To fix this vulnerability, update to the latest versions of affected software: iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2.