PT-2023-5642 · Apple+8 · Safari+14

Daniel Genkin

+5

·

Publicado

2023-07-24

·

Atualizado

2024-04-26

·

CVE-2023-38599

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Safari versions prior to 16.6 watchOS versions prior to 9.6 iOS versions prior to 15.7.8 and prior to 16.6 iPadOS versions prior to 15.7.8 and prior to 16.6 tvOS versions prior to 16.6 macOS Ventura versions prior to 13.5
Description A logic issue was addressed with improved state management, which may allow a website to track sensitive user information. This issue is related to the WebKitGTK and WPE WebKit modules, and its exploitation can lead to the disclosure of protected information.
Recommendations For Safari versions prior to 16.6, update to Safari 16.6 or later. For watchOS versions prior to 9.6, update to watchOS 9.6 or later. For iOS versions prior to 15.7.8, update to iOS 15.7.8 or later. For iOS versions prior to 16.6, update to iOS 16.6 or later. For iPadOS versions prior to 15.7.8, update to iPadOS 15.7.8 or later. For iPadOS versions prior to 16.6, update to iPadOS 16.6 or later. For tvOS versions prior to 16.6, update to tvOS 16.6 or later. For macOS Ventura versions prior to 13.5, update to macOS Ventura 13.5 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALSA-2023:6535
ALSA-2023:7055
BDU:2023-06302
CESA-2023_7055
CVE-2023-38599
DSA-5468-1
MGASA-2024-0148
OPENSUSE-SU-2023_3233-1
OPENSUSE-SU-2023_3419-1
OPENSUSE-SU-2023_3753-1
RHSA-2023:6535
RHSA-2023:7055
RHSA-2023_6535
RHSA-2023_7055
RHSA-2025:10364
SUSE-SU-2023:3233-1
SUSE-SU-2023:3237-1
SUSE-SU-2023:3300-1
SUSE-SU-2023:3419-1
SUSE-SU-2023:3753-1
USN-6289-1

Produtos afetados

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Apple Macos
Red Hat
Safari
Suse
Ubuntu
Ios
Ipados
Macos Ventura
Tvos
Watchos