CVE-2023-42916
MEDIUM
6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0005
Percentile
0,1th
Updated
EPSS Score Trend (Last 90 Days)
125
Out-of-bounds Read
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Availability
Other
Potential Impacts:
Read Memory
Bypass Protection Mechanism
Dos: Crash, Exit, Or Restart
Varies By Context
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Technologies:
ICS/OT
Operating System
Ipados by Apple
Version Range Affected
To
15.8.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ipados by Apple
Version Range Affected
From
17.0
(inclusive)
To
17.1.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ipados by Apple
Version Range Affected
From
16.0
(inclusive)
To
16.7.3
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Iphone Os by Apple
Version Range Affected
To
15.8.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Iphone Os by Apple
Version Range Affected
From
17.0
(inclusive)
To
17.1.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Webkitgtk\+ by Webkitgtk
Version Range Affected
To
2.42.3
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Macos by Apple
Version Range Affected
From
14.0
(inclusive)
To
14.1.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Fedora by Fedoraproject
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Fedora by Fedoraproject
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Iphone Os by Apple
Version Range Affected
From
16.0
(inclusive)
To
16.7.3
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Safari by Apple
Version Range Affected
To
17.1.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023…
http://seclists.org/fulldisclosure/2023/Dec/12
http://seclists.org/fulldisclosure/2023/Dec/13
http://seclists.org/fulldisclosure/2023/Dec/3
http://seclists.org/fulldisclosure/2023/Dec/4
http://seclists.org/fulldisclosure/2023/Dec/5
http://seclists.org/fulldisclosure/2023/Dec/8
http://seclists.org/fulldisclosure/2024/Jan/35
https://lists.fedoraproject.org/archives/list/[email protected]…
https://lists.fedoraproject.org/archives/list/[email protected]…
https://security.gentoo.org/glsa/202401-04
https://support.apple.com/en-us/HT214031
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214033
https://support.apple.com/kb/HT214033
https://support.apple.com/kb/HT214034
https://support.apple.com/kb/HT214062
https://www.debian.org/security/2023/dsa-5575
http://www.openwall.com/lists/oss-security/2023/12/05/1
http://seclists.org/fulldisclosure/2023/Dec/12
http://seclists.org/fulldisclosure/2023/Dec/13
http://seclists.org/fulldisclosure/2023/Dec/3
http://seclists.org/fulldisclosure/2023/Dec/4
http://seclists.org/fulldisclosure/2023/Dec/5
http://seclists.org/fulldisclosure/2023/Dec/8
http://seclists.org/fulldisclosure/2024/Jan/35
https://lists.fedoraproject.org/archives/list/[email protected]…
https://lists.fedoraproject.org/archives/list/[email protected]…
https://security.gentoo.org/glsa/202401-04
https://support.apple.com/en-us/HT214031
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214033
https://support.apple.com/kb/HT214033
https://support.apple.com/kb/HT214034
https://support.apple.com/kb/HT214062
https://www.debian.org/security/2023/dsa-5575
http://www.openwall.com/lists/oss-security/2023/12/05/1