PT-2023-4260 · Apple +9 · WebKit +14
Boris Larin +6 · Published 2023-03-27 · Updated 2025-12-08
CVE-2023-32435
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
WebKitGTK versions prior to 2.40.4-0ubuntu0.22.04.1
Safari versions prior to 16.4
iOS versions prior to 16.4 and iPadOS versions prior to 16.4
iOS versions prior to 15.7.7 and iPadOS versions prior to 15.7.7
macOS Ventura versions prior to 13.3
Description
This vulnerability is a memory corruption issue in WebKit that may allow arbitrary code execution. It was addressed with improved state management and has been reported as actively exploited in the wild against iOS versions released before iOS 15.7. The vulnerability affects multiple Apple products, including Safari, iOS, and iPadOS, as well as WebKitGTK. The root cause is memory corruption in the WASM code, where offsets that do not fit were allowed to be moved into an instruction.
Recommendations
Update WebKitGTK to version 2.40.4-0ubuntu0.22.04.1 or later.
Update Safari to version 16.4 or later.
Update iOS to version 16.4 or later.
Update iPadOS to version 16.4 or later.
Update macOS Ventura to version 13.3 or later.
Update iOS to version 15.7.7 or later.
Update iPadOS to version 15.7.7 or later.
Exploit
Fix
RCE
Buffer Overflow
Memory Corruption
Code Injection
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Apple macOS
Red Hat
Rocky Linux
Safari
SUSE
Ubuntu
WebKit
iOS
iPadOS
macOS Ventura