PT-2025-45147 · Apple+4 · iOS+7

Published 2023-10-12 · Updated 2026-03-10 · CVE-2023-43000

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Apple macOS versions prior to 13.5
Apple iOS versions prior to 16.6
Apple iPadOS versions prior to 16.6
Apple Safari versions prior to 16.6
WebKitGTK
webkit2gtk in Debian Linux
wpewebkit in Debian Linux
webkit2gtk3 in SberLinux

Description

A use-after-free issue exists due to improper memory management. Processing maliciously crafted web content may lead to memory corruption. Reports indicate this issue affects approximately 2 billion Apple devices and is currently being exploited. The vulnerability impacts multiple Apple products and WebKit-based browsers. The issue can be triggered by processing malicious web content, potentially leading to unauthorized access to data. The vulnerability is related to the handling of memory after it has been freed, which can allow an attacker to overwrite memory and execute arbitrary code.

Recommendations

Update macOS to version 13.5 or later.
Update iOS to version 16.6 or later.
Update iPadOS to version 16.6 or later.
Update Safari to version 16.6 or later.
Upgrade webkit2gtk packages to version 2.42.1-1~deb11u2 for Debian's oldstable distribution (bullseye).
Upgrade wpewebkit packages in Debian Linux.
Upgrade webkit2gtk3 packages in SberLinux.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:22789
ALSA-2025:22790
CVE-2023-43000
DSA-5527-1
DSA-5527-2
RHSA-2024:2126
RHSA-2024:2982
RHSA-2024:8492
RHSA-2024:8496
RHSA-2024:9646
RHSA-2024:9653
RHSA-2024:9679
RHSA-2024:9680
RHSA-2025:10364

Affected Products

AlmaLinux
CentOS
Debian
Red Hat
Safari
iOS
iPadOS
macOS Ventura