PT-2023-5474
Credited: Bill Marczak (+1)
Published: 2023-07-18 · Updated: 2026-03-16
CVE-2023-41993
CVSS v2.0 base score: 10.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apple Safari versions prior to 16.6.1
Apple macOS versions prior to Ventura 13.6
Apple iOS versions prior to 16.7
Apple iPadOS versions prior to 16.7
Apple macOS Sonoma versions prior to 14
webkit2gtk versions prior to 2.42.1
Oracle Java SE version 8u401
Oracle GraalVM Enterprise Edition versions 20.3.13 and 21.3.9
Description
CVE-2023-41993 is a vulnerability in the WebKit engine that lets an attacker execute arbitrary code when a victim processes maliciously crafted web content. Apple reported that the issue may have been actively exploited against versions of iOS before 16.7, and addressed it with improved checks in the updated releases listed above. Two distinct actors are publicly reported to have used it. A threat actor linked to Russia's Foreign Intelligence Service (SVR) used the bug in a watering-hole campaign: legitimate websites were compromised and visitors were redirected to malicious login pages built to harvest Microsoft 365 credentials. The spyware vendor Intellexa also used CVE-2023-41993 as one link in a zero-day exploit chain that deployed the Predator spyware against targets in Egypt; the chain combined several zero-day vulnerabilities to obtain deep access to the device.
Recommendations
Update Apple Safari to version 16.6.1 or later.
Update Apple macOS to version Ventura 13.6 or later, or macOS Sonoma 14 or later.
Update Apple iOS to version 16.7 or later.
Update Apple iPadOS to version 16.7 or later.
Update webkit2gtk to version 2.42.1 or later.
Update Oracle Java SE to a version after 8u401.
Update Oracle GraalVM Enterprise Edition to a version after 20.3.13 and 21.3.9.
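To confirm that the updates above actually landed across a fleet, the following script encodes the fixed-version table from this advisory and compares it against installed versions. It is an added example and not part of the original advisory; the local probes (`sw_vers` on macOS, `pkg-config` for the webkit2gtk-4.1/4.0 modules on Linux) and the product keys are assumptions about host tooling. Distribution packages may carry the fix under a different package version, so for the distributions listed under Affected Products consult the distribution's own advisory rather than relying on this upstream threshold alone.

```python
"""Check installed product versions against the fixed versions for
CVE-2023-41993.  Added example; not part of the original advisory.

The fixed-version table below is copied from the advisory's affected-version
list.  The local detection commands (sw_vers, pkg-config) are assumptions
about the host's tooling, not something the advisory specifies."""
import re
import shutil
import subprocess

# First fixed release per product, from the advisory.
FIXED = {
    "safari": "16.6.1",
    "ios": "16.7",
    "ipados": "16.7",
    "webkit2gtk": "2.42.1",
}
MACOS_VENTURA_FIXED = "13.6"   # Ventura 13.x is fixed from 13.6
MACOS_SONOMA_MAJOR = 14        # any Sonoma (14.x) release carries the fix


def parse_version(text):
    """'16.6.1' -> (16, 6, 1). Non-numeric fragments (e.g. 'beta') are dropped."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def version_less(a, b):
    """True if version string a sorts before b. Shorter tuples are zero-padded,
    so '16.7' equals '16.7.0' and '14' equals '14.0'."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return ta < tb


def is_vulnerable(product, version):
    """True if `version` of `product` predates the first fixed release."""
    return version_less(version, FIXED[product])


def macos_vulnerable(version):
    """macOS needs its own rule because the fix shipped in two release lines.
    Returns True/False, or None for a major version the advisory does not list
    (e.g. Monterey 12.x), which must be checked against Apple's own notes."""
    parts = parse_version(version)
    if not parts:
        return None
    major = parts[0]
    if major == 13:
        return version_less(version, MACOS_VENTURA_FIXED)
    if major >= MACOS_SONOMA_MAJOR:
        return False
    return None


def _run(cmd):
    """Run a command and return its stripped stdout, or None if unavailable."""
    if shutil.which(cmd[0]) is None:
        return None
    try:
        return subprocess.run(cmd, capture_output=True, text=True,
                              check=True).stdout.strip()
    except (subprocess.CalledProcessError, OSError):
        return None


def detect_local():
    """Probe this host. Assumed commands: `sw_vers` on macOS and
    `pkg-config` with the webkit2gtk-4.1 / -4.0 modules on Linux."""
    findings = {}
    mac = _run(["sw_vers", "-productVersion"])
    if mac:
        findings["macos"] = (mac, macos_vulnerable(mac))
    for module in ("webkit2gtk-4.1", "webkit2gtk-4.0"):
        wk = _run(["pkg-config", "--modversion", module])
        if wk:
            findings["webkit2gtk"] = (wk, is_vulnerable("webkit2gtk", wk))
            break
    return findings


if __name__ == "__main__":
    for product, (ver, vuln) in detect_local().items():
        state = {True: "VULNERABLE", False: "patched", None: "unknown"}[vuln]
        print(f"{product}: {ver} -> {state}")
```

Run it directly on a macOS or Linux host to get a per-product verdict; on a mobile device management side, feed the reported iOS/iPadOS build into `is_vulnerable("ios", ...)` instead. A `None` verdict means the advisory does not cover that release line and is deliberately not treated as safe.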
Weakness Enumeration
CWE-754: Improper Check for Exceptional Conditions
Affected Products
Astra Linux
CentOS
Debian
Java Platform
Linux Mint
Apple macOS
Red Hat
Safari
SUSE
Ubuntu
WebKit
iOS
iPadOS