CVE-2023-39434

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions iOS versions prior to 17 iPadOS versions prior to 17 watchOS versions prior to 10 macOS Sonoma versions prior to 14

Description A use-after-free issue was addressed with improved memory management. Processing web content may lead to arbitrary code execution. This issue is related to the WebKitGTK and WPE WebKit modules, which are used for displaying web pages. The exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations For iOS versions prior to 17, update to iOS 17 or later. For iPadOS versions prior to 17, update to iPadOS 17 or later. For watchOS versions prior to 10, update to watchOS 10 or later. For macOS Sonoma versions prior to 14, update to macOS Sonoma 14 or later. As a temporary workaround, consider restricting web content processing until a patch is available. Avoid using vulnerable WebKitGTK and WPE WebKit modules in web page display until the issue is resolved.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2023:6535

ALSA-2023:7055

BDU:2023-06727

CVE-2023-39434

DSA-5468-1

MGASA-2024-0148

OPENSUSE-SU-2023_4294-1

RHSA-2023:6535

RHSA-2023:7055

SUSE-SU-2023:4209-1

SUSE-SU-2023:4211-1

SUSE-SU-2023:4294-1

SUSE-SU-2023:4339-1

Affected Products

Almalinux

Astra Linux

Centos

Debian

Apple Macos

Red Hat

Suse

Ios

Ipados

Macos Sonoma

Watchos

CVE-2023-39434

Weakness Enumeration

Related Identifiers

Affected Products

References · 125