CVE-2023-42916

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions iOS versions prior to 17.1.2 iPadOS versions prior to 17.1.2 macOS Sonoma versions prior to 14.1.2 Safari versions prior to 17.1.2

Description The issue is related to an out-of-bounds read in the WebKit web browser engine, which may allow an attacker to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Recommendations For iOS versions prior to 17.1.2, update to iOS 17.1.2 or later. For iPadOS versions prior to 17.1.2, update to iPadOS 17.1.2 or later. For macOS Sonoma versions prior to 14.1.2, update to macOS Sonoma 14.1.2 or later. For Safari versions prior to 17.1.2, update to Safari 17.1.2 or later.

Exploit

Fix

Information Disclosure

Incorrect Privilege Assignment

Out of bounds Read

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-266CWE-125CWE-284

Related Identifiers

ALT-PU-2023-7817

ALT-PU-2023-7818

ALT-PU-2023-7819

BDU:2023-08366

CESA-2023_4202

CVE-2023-42916

DSA-5575-1

MGASA-2024-0148

RHSA-2023:4201

RHSA-2023:4202

RHSA-2023_4201

RHSA-2023_4202

RHSA-2025:10364

SUSE-SU-2023:4824-1

SUSE-SU-2023:4827-1

SUSE-SU-2023:4828-1

SUSE-SU-2023:4829-1

SUSE-SU-2023_4824-1

SUSE-SU-2023_4827-1

SUSE-SU-2023_4828-1

SUSE-SU-2023_4829-1

USN-6545-1

Affected Products

Alt Linux

Centos

Debian

Linuxmint

Apple Macos

Red Hat

Safari

Suse

Ubuntu

Webkit

Ios

Ipados

Macos Sonoma

CVE-2023-42916

Weakness Enumeration

Related Identifiers

Affected Products

References · 139