CVE-2023-40451: Use After Free
First published: Tue Sep 26 2023(Updated: )
An attacker with JavaScript execution may be able to execute arbitrary code. This issue was addressed with improved iframe sandbox enforcement. Reference: <a href="https://webkitgtk.org/security/WSA-2023-0009.html#CVE-2023-40451">https://webkitgtk.org/security/WSA-2023-0009.html#CVE-2023-40451</a>
Credit: product-security@apple.com Anonymous Dong Jun Kim @smlijun AbyssLabJong Seong Kim @nevul37 AbyssLabFrancisco Alonso @revskills PK Security PK SecurityDohyun Lee @l33d0hyun PK SecurityFrancisco Alonso @revskills 이준성(Junsung Lee) Cross Republican anonymous researcher Jie Ding @Lime HKUS3 Lab zhunki 이준성(Junsung Lee) Bill Marczak The Citizen Lab at The University of Toronto's Munk SchoolMaddie Stone Google's Threat Analysis GroupNarendra Bhati (twitter.com/imnarendrabhati) Suma Soft PvtPune (India)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Safari | <17 | 17 |
| Safari | <17.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://webkitgtk.org/security/WSA-2023-0009.html#CVE-2023-40451
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2241410
- https://access.redhat.com/errata/RHSA-2023:6535
- https://access.redhat.com/errata/RHSA-2023:7055
- https://bugzilla.redhat.com/show_bug.cgi?id=2241409
- https://support.apple.com/en-us/HT213941 (Advisory)
- http://www.openwall.com/lists/oss-security/2023/09/28/3
- http://seclists.org/fulldisclosure/2023/Oct/2
- https://security.gentoo.org/glsa/202401-33
- https://support.apple.com/kb/HT213941
- https://support.apple.com/en-us/120330 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this issue in WebKit?
The vulnerability ID for this issue in WebKit is CVE-2023-40451.
How was this issue addressed?
This issue was addressed with improved iframe sandbox enforcement.
Which software is affected by this vulnerability?
The Apple Safari browser version up to but excluding 17 is affected by this vulnerability.
How can I fix this vulnerability?
To fix this vulnerability, update your Apple Safari browser to version 17 or newer.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found on Apple's support page: https://support.apple.com/en-us/HT213941
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-40451
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-index
- agent/softwarecombine
- alias/CVE-2023-42833
- alias/CVE-2023-39434
- alias/CVE-2023-40414
- alias/CVE-2023-42970
- alias/CVE-2023-41074
- alias/CVE-2023-35074
- alias/CVE-2023-42875
- alias/CVE-2023-41993
- alias/CVE-2023-40385
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/tags
- vendor/apple
- canonical/safari