PT-2023-4201 · Apple+8 · Safari+14

Jikai Ren

+1

·

Publicado

2023-07-18

·

Atualizado

2024-04-26

·

CVE-2023-38595

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions iOS versions prior to 16.6 iPadOS versions prior to 16.6 tvOS versions prior to 16.6 macOS Ventura versions prior to 13.5 Safari versions prior to 16.6 watchOS versions prior to 9.6
Description The issue is related to processing web content and may lead to arbitrary code execution. It is caused by a buffer overflow in the WebKitGTK and WPE WebKit modules. A remote attacker can exploit this issue to execute arbitrary code.
Recommendations For iOS versions prior to 16.6, update to iOS 16.6 or later. For iPadOS versions prior to 16.6, update to iPadOS 16.6 or later. For tvOS versions prior to 16.6, update to tvOS 16.6 or later. For macOS Ventura versions prior to 13.5, update to macOS Ventura 13.5 or later. For Safari versions prior to 16.6, update to Safari 16.6 or later. For watchOS versions prior to 9.6, update to watchOS 9.6 or later.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALSA-2023:6535
ALSA-2023:7055
BDU:2023-04516
CESA-2023_4202
CESA-2023_7055
CVE-2023-38595
DSA-5468-1
MGASA-2024-0148
OPENSUSE-SU-2023_3233-1
OPENSUSE-SU-2023_3419-1
OPENSUSE-SU-2023_3753-1
RHSA-2023:4201
RHSA-2023:4202
RHSA-2023:6535
RHSA-2023:7055
RHSA-2023_4201
RHSA-2023_4202
RHSA-2023_6535
RHSA-2023_7055
RHSA-2025:10364
SUSE-SU-2023:3233-1
SUSE-SU-2023:3237-1
SUSE-SU-2023:3300-1
SUSE-SU-2023:3419-1
SUSE-SU-2023:3753-1
USN-6289-1

Produtos afetados

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Apple Macos
Red Hat
Safari
Suse
Ubuntu
Ios
Ipados
Macos Ventura
Tvos
Watchos