CVE-2023-42843
First published: Wed Oct 25 2023(Updated: )
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
Credit: product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | <17.1 | 17.1 |
| Apple iOS | <16.7.2 | 16.7.2 |
| Apple iPadOS | <16.7.2 | 16.7.2 |
| Apple iOS | <17.1 | 17.1 |
| Apple iPadOS | <17.1 | 17.1 |
| ubuntu/webkit2gtk | <2.44.0-0ubuntu0.22.04.1 | 2.44.0-0ubuntu0.22.04.1 |
| ubuntu/webkit2gtk | <2.44.0-0ubuntu0.23.10.1 | 2.44.0-0ubuntu0.23.10.1 |
| ubuntu/webkit2gtk | <2.44.0 | 2.44.0 |
| debian/webkit2gtk | <=2.36.4-1~deb10u1<=2.38.6-0+deb10u1<=2.42.2-1~deb11u1<=2.42.2-1~deb12u1 | 2.44.1-1~deb11u1 2.44.1-1~deb12u1 2.44.1-1 |
| debian/wpewebkit | <=2.38.6-1~deb11u1<=2.38.6-1 | 2.44.1-1 |
| Apple macOS Sonoma | <14.1 | 14.1 |
| redhat/WebKitGTK | <2.44.0 | 2.44.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213986 (Advisory)
- https://support.apple.com/en-us/HT213981 (Advisory)
- https://support.apple.com/en-us/HT213982 (Advisory)
- https://webkitgtk.org/security/WSA-2024-0002.html
- https://www.cve.org/CVERecord?id=CVE-2023-42843
- https://ubuntu.com/security/notices/USN-6732-1
- https://nvd.nist.gov/vuln/detail/CVE-2023-42843
- https://launchpad.net/bugs/cve/CVE-2023-42843
- https://security-tracker.debian.org/tracker/CVE-2023-42843
- https://ubuntu.com/security/CVE-2023-42843
- https://support.apple.com/en-us/HT213984 (Advisory)
- http://www.openwall.com/lists/oss-security/2024/03/26/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2271721
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2274441
- https://access.redhat.com/errata/RHSA-2024:9144
- https://bugzilla.redhat.com/show_bug.cgi?id=2271717
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40447
- CVE-2023-41976
- CVE-2023-42852
- CVE-2023-42843
- CVE-2023-41983
- CVE-2023-40449
- CVE-2023-42823
- CVE-2023-40413
- CVE-2023-40416
- CVE-2023-42848
- CVE-2023-40423
- CVE-2023-42849
- CVE-2023-40446
- CVE-2023-42942
- CVE-2023-40408
- CVE-2023-42846
- CVE-2023-42841
- CVE-2023-42873
- CVE-2023-41977
- CVE-2023-41997
- CVE-2023-41982
- CVE-2023-41254
- CVE-2023-32359
- CVE-2023-42952
- CVE-2023-41072
- CVE-2023-42857
- CVE-2023-42928
- CVE-2023-42834
- CVE-2023-42953
- CVE-2023-42847
- CVE-2023-42845
- CVE-2023-42951
- CVE-2023-42836
- CVE-2023-42839
- CVE-2023-42855
- CVE-2023-42878
- CVE-2023-41988
- CVE-2023-42946
- CVE-2023-40445
- CVE-2023-42939
- CVE-2023-30774
- CVE-2023-40444
- CVE-2023-42945
- CVE-2023-41989
- CVE-2023-42854
- CVE-2023-42844
- CVE-2023-38403
- CVE-2023-42850
- CVE-2023-42861
- CVE-2023-42935
- CVE-2023-40405
- CVE-2023-28826
- CVE-2023-42856
- CVE-2023-40404
- CVE-2023-42859
- CVE-2023-42877
- CVE-2023-42840
- CVE-2023-42853
- CVE-2023-42860
- CVE-2023-42889
- CVE-2023-42838
- CVE-2023-42835
- CVE-2023-42438
- CVE-2023-36191
- CVE-2023-40421
- CVE-2023-42842
- CVE-2023-4733
- CVE-2023-4734
- CVE-2023-4735
- CVE-2023-4736
- CVE-2023-4738
- CVE-2023-4750
- CVE-2023-4751
- CVE-2023-4752
- CVE-2023-4781
- CVE-2023-41975
- CVE-2023-42858
- agent/first-publish-date
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/type
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/references
- collector/nvd-cve
- source/NVD
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-42843
- vendor/apple
- canonical/apple safari
- canonical/apple ios
- canonical/apple ipados
- package-manager/ubuntu
- package-manager/debian
- canonical/apple macos sonoma
- package-manager/redhat