CVE-2023-42917
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2,...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- September 14, 2023
- Published Date
- November 30, 2023
- Last Updated
- February 13, 2025
- Vendor
- Apple
- Product
- Safari, macOS, iOS and iPadOS
- Description
- A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2023-12-04 00:00:00 UTC) Source
References
https://support.apple.com/en-us/HT214033
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214031
https://support.apple.com/kb/HT214033
http://www.openwall.com/lists/oss-security/2023/12/05/1
https://lists.fedoraproject.org/archives/list/[email protected]/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
https://lists.fedoraproject.org/archives/list/[email protected]/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
https://support.apple.com/kb/HT214034
https://www.debian.org/security/2023/dsa-5575
http://seclists.org/fulldisclosure/2023/Dec/3
http://seclists.org/fulldisclosure/2023/Dec/4
http://seclists.org/fulldisclosure/2023/Dec/5
http://seclists.org/fulldisclosure/2023/Dec/8
http://seclists.org/fulldisclosure/2023/Dec/13
http://seclists.org/fulldisclosure/2023/Dec/12
https://security.gentoo.org/glsa/202401-04
https://support.apple.com/kb/HT214062
http://seclists.org/fulldisclosure/2024/Jan/35
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2023-12-04 00:00:00 UTC |