Name of the Vulnerable Software and Affected Versions
Apple products (affected versions not specified)
Fedora 43
webkitgtk versions prior to 2.50.4
webkit2gtk in Debian
Description
This is a use-after-free vulnerability in the WebKit component, present in Apple products, Fedora, and Debian. Processing maliciously crafted web content may lead to arbitrary code execution. The flaw has been actively exploited in the wild, with reports of sophisticated attacks targeting specific individuals. It stems from improper memory management in WebKit’s HTML parsing logic; exploitation may corrupt memory and thereby allow attackers to execute code, trigger crashes, or bypass security restrictions. The vulnerability is present in multiple Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS, as well as the Safari browser, and it is also present in webkitgtk and webkit2gtk.
Recommendations
Update all Apple devices and the Safari browser to the latest available versions.
Update webkitgtk to version 2.50.4 or later.
Update webkit2gtk in Debian to the latest available version.
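A fleet-wide check for the webkitgtk recommendation above, as an added example that is not part of this advisory and not code from the WebKit, Fedora or Debian projects: it strips the distribution-specific parts of a package version string (Debian epoch and revision, Fedora release tag), compares the remaining upstream version numerically against the 2.50.4 fix version named in the advisory, and lists hosts that are still below it. The inventory rows, host names and package names (webkitgtk6.0, libwebkit2gtk-4.1-0) are constructed sample data and assumptions for the sake of the example.

```python
import re
from typing import List, Tuple

# Fixed upstream webkitgtk version stated in the advisory.
FIXED_VERSION = "2.50.4"

# Constructed sample inventory: (host, package, installed version) as a
# configuration-management system might report it. Package names are assumed.
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("build-01", "webkitgtk6.0", "2.50.3-1.fc43"),
    ("build-02", "webkitgtk6.0", "2.50.4-1.fc43"),
    ("kiosk-07", "libwebkit2gtk-4.1-0", "1:2.50.5-1~deb13u1"),
    ("kiosk-08", "libwebkit2gtk-4.1-0", "2.48.5-1"),
]


def upstream_version(pkg_version: str) -> str:
    """Strip distribution parts from a package version string.

    Handles an optional Debian epoch ("1:2.50.4-1") and the release suffix
    that both Debian ("2.50.4-1~deb13u1") and Fedora ("2.50.4-1.fc43")
    append after the first '-'.
    """
    v = pkg_version.strip()
    if ":" in v:
        v = v.split(":", 1)[1]
    return v.split("-", 1)[0]


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '2.50.4' into (2, 50, 4) so that 2.50.10 sorts after 2.50.4.

    A plain string comparison would get this wrong ("2.50.10" < "2.50.4").
    """
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"no numeric version components in {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(pkg_version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed upstream version is at or above the fix version."""
    return version_tuple(upstream_version(pkg_version)) >= version_tuple(fixed)


def find_unpatched(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the inventory rows whose installed version is below FIXED_VERSION."""
    return [row for row in inventory if not is_patched(row[2])]


if __name__ == "__main__":
    for host, package, version in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: {package} {version} is below {FIXED_VERSION}, update required")
```

The numeric comparison is the point: a lexical compare of version strings reports 2.50.10 as older than 2.50.4. Note that the advisory gives a fixed upstream version only for webkitgtk; for Debian it recommends the latest available package, and distributions sometimes backport a fix without raising the upstream version, so a Debian row flagged here should be confirmed against the distribution's own security tracker rather than treated as conclusive.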