CVE-2023-39434: Use After Free
First published: Mon Sep 18 2023(Updated: )
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
Credit: product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPadOS | <17.0 | |
| Apple iPhone OS | <17.0 | |
| Apple macOS | <14.0 | |
| Apple watchOS | <10.0 | |
| Apple macOS Sonoma | <14 | 14 |
| <17 | 17 | |
| <17 | 17 | |
| Apple watchOS | <10 | 10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2023/Oct/3
- http://seclists.org/fulldisclosure/2023/Oct/8
- http://seclists.org/fulldisclosure/2023/Oct/9
- http://www.openwall.com/lists/oss-security/2023/09/28/3
- https://support.apple.com/en-us/HT213937 (Advisory)
- https://support.apple.com/en-us/HT213938 (Advisory)
- https://support.apple.com/en-us/HT213940 (Advisory)
- https://security.gentoo.org/glsa/202401-33
- https://support.apple.com/kb/HT213940
- https://webkitgtk.org/security/WSA-2023-0009.html#CVE-2023-39434
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2241406
- https://access.redhat.com/errata/RHSA-2023:6535
- https://access.redhat.com/errata/RHSA-2023:7055
- https://bugzilla.redhat.com/show_bug.cgi?id=2241405
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40384
- CVE-2023-32377
- CVE-2023-38615
- CVE-2023-40448
- CVE-2023-40432
- CVE-2023-42871
- CVE-2023-40399
- CVE-2023-40410
- CVE-2023-42872
- CVE-2023-42929
- CVE-2023-42925
- CVE-2023-38612
- CVE-2023-32361
- CVE-2023-35984
- CVE-2023-40402
- CVE-2023-40426
- CVE-2023-42876
- CVE-2023-41065
- CVE-2023-29497
- CVE-2023-38596
- CVE-2023-42943
- CVE-2023-40406
- CVE-2023-40420
- CVE-2023-40528
- CVE-2023-40438
- CVE-2023-41994
- CVE-2023-40407
- CVE-2023-32396
- CVE-2023-42933
- CVE-2023-41980
- CVE-2023-40411
- CVE-2023-40395
- CVE-2023-40391
- CVE-2023-40441
- CVE-2023-42959
- CVE-2023-23495
- CVE-2023-40434
- CVE-2023-38586
- CVE-2023-40436
- CVE-2023-40396
- CVE-2023-41995
- CVE-2023-42870
- CVE-2023-41981
- CVE-2023-41984
- CVE-2023-40429
- CVE-2023-41060
- CVE-2023-41067
- CVE-2023-40400
- CVE-2023-40454
- CVE-2023-41073
- CVE-2023-40403
- CVE-2023-40427
- CVE-2023-42957
- CVE-2023-32421
- CVE-2023-42826
- CVE-2023-42918
- CVE-2023-41986
- CVE-2023-40455
- CVE-2023-40386
- CVE-2023-38408
- CVE-2023-40401
- CVE-2023-40393
- CVE-2023-42949
- CVE-2023-42934
- CVE-2023-37448
- CVE-2023-38607
- CVE-2023-41987
- CVE-2023-41063
- CVE-2023-40422
- CVE-2023-39233
- CVE-2023-40388
- CVE-2023-35990
- CVE-2023-40417
- CVE-2023-40452
- CVE-2023-40430
- CVE-2023-41996
- CVE-2023-41078
- CVE-2023-41070
- CVE-2023-40541
- CVE-2023-41079
- CVE-2023-40443
- CVE-2023-41968
- CVE-2023-40450
- CVE-2023-42948
- CVE-2023-40424
- CVE-2023-39434
- CVE-2023-40414
- CVE-2023-41074
- CVE-2023-35074
- CVE-2023-41993
- CVE-2023-32359
- CVE-2023-40385
- CVE-2023-42833
- CVE-2023-38610
- CVE-2023-41066
- CVE-2023-41979
- CVE-2023-41174
- CVE-2023-40409
- CVE-2023-40412
- CVE-2023-41071
- CVE-2023-41068
- CVE-2023-40418
- CVE-2023-40456
- CVE-2023-40520
- CVE-2023-40419
- CVE-2023-40529
- CVE-2023-41232
- CVE-2023-41069
- CVE-2023-40431
- CVE-2023-41974
- CVE-2023-40428
Frequently Asked Questions
What is CVE-2023-39434?
CVE-2023-39434 is a use-after-free vulnerability in WebKit.
How does CVE-2023-39434 impact Apple iOS?
CVE-2023-39434 affects Apple iOS versions up to but excluding version 17.
How does CVE-2023-39434 impact Apple iPadOS?
CVE-2023-39434 affects Apple iPadOS versions up to but excluding version 17.
How does CVE-2023-39434 impact Apple watchOS?
CVE-2023-39434 affects Apple watchOS versions up to but excluding version 10.
How does CVE-2023-39434 impact Apple macOS Sonoma?
CVE-2023-39434 affects Apple macOS Sonoma versions up to but excluding version 14.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-39434?
The Common Weakness Enumeration (CWE) ID for CVE-2023-39434 is CWE-416.
How can I fix CVE-2023-39434?
To fix CVE-2023-39434, update your Apple device's operating system to a version that is not affected.
- agent/author
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/description
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/event
- collector/apple-support
- source/Apple
- alias/CVE-2023-40414
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-39434
- vendor/apple
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- canonical/apple watchos
- canonical/apple macos sonoma
- canonical/apple ios