CVE-2023-42917

Name of the Vulnerable Software and Affected Versions iOS versions prior to 17.1.2 iPadOS versions prior to 17.1.2 macOS Sonoma versions prior to 14.1.2 Safari versions prior to 17.1.2

Description A memory corruption issue was addressed with improved locking, which may lead to arbitrary code execution when processing web content. This issue is reportedly exploited against versions of iOS before iOS 16.7.1. The vulnerability is caused by a buffer overflow in the WebKit module, allowing an attacker to execute arbitrary code.

Recommendations For iOS versions prior to 17.1.2, update to iOS 17.1.2 or later. For iPadOS versions prior to 17.1.2, update to iPadOS 17.1.2 or later. For macOS Sonoma versions prior to 14.1.2, update to macOS Sonoma 14.1.2 or later. For Safari versions prior to 17.1.2, update to Safari 17.1.2 or later. As a temporary workaround, consider restricting access to web content to minimize the risk of exploitation.