CVE-2023-42852
First published: Wed Oct 25 2023(Updated: )
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/webkit2gtk | <=2.36.4-1~deb10u1<=2.38.6-0+deb10u1<=2.40.5-1~deb11u1 | 2.42.4-1~deb11u1 2.42.2-1~deb12u1 2.42.4-1~deb12u1 2.42.4-1 |
| debian/wpewebkit | <=2.38.6-1~deb11u1<=2.38.6-1 | 2.42.4-1 |
| Apple macOS Sonoma | <14.1 | 14.1 |
| Apple iOS | <17.1 | 17.1 |
| Apple iPadOS | <17.1 | 17.1 |
| Apple iOS | <16.7.2 | 16.7.2 |
| Apple iPadOS | <16.7.2 | 16.7.2 |
| Apple watchOS | <10.1 | 10.1 |
| Apple tvOS | <17.1 | 17.1 |
| Apple Safari | <17.1 | 17.1 |
| Apple Safari | <17.1 | |
| Apple iPadOS | <16.7.2 | |
| Apple iPadOS | >=17.0<17.1 | |
| Apple iPhone OS | <16.7.2 | |
| Apple iPhone OS | >=17.0<17.1 | |
| Apple macOS | >=14.0<14.1 | |
| Apple tvOS | <17.1 | |
| Apple watchOS | <10.1 | |
| Fedoraproject Fedora | =37 | |
| Debian Debian Linux | =11.0 | |
| Debian Debian Linux | =12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://webkitgtk.org/security/WSA-2023-0010.html
- https://security-tracker.debian.org/tracker/CVE-2023-42852
- https://support.apple.com/en-us/HT213981 (Advisory)
- https://support.apple.com/en-us/HT213986 (Advisory)
- https://support.apple.com/en-us/HT213987 (Advisory)
- https://support.apple.com/en-us/HT213984 (Advisory)
- https://support.apple.com/en-us/HT213988 (Advisory)
- https://support.apple.com/en-us/HT213982 (Advisory)
- https://support.apple.com/kb/HT213984
- http://seclists.org/fulldisclosure/2023/Oct/23
- http://seclists.org/fulldisclosure/2023/Oct/22
- http://seclists.org/fulldisclosure/2023/Oct/19
- http://seclists.org/fulldisclosure/2023/Oct/27
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/25
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/
- http://www.openwall.com/lists/oss-security/2023/11/15/1
- https://www.debian.org/security/2023/dsa-5557
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/
- https://security.gentoo.org/glsa/202401-33
- https://support.apple.com/kb/HT213988
- https://support.apple.com/kb/HT213987
- https://support.apple.com/kb/HT213986
- https://support.apple.com/kb/HT213982
- https://support.apple.com/kb/HT213981
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-42823
- CVE-2023-40413
- CVE-2023-42834
- CVE-2023-42953
- CVE-2023-42848
- CVE-2023-42849
- CVE-2023-42942
- CVE-2023-40408
- CVE-2023-42846
- CVE-2023-42839
- CVE-2023-42878
- CVE-2023-41982
- CVE-2023-41997
- CVE-2023-41988
- CVE-2023-42946
- CVE-2023-41254
- CVE-2023-40447
- CVE-2023-41976
- CVE-2023-42852
- CVE-2023-42873
- CVE-2023-42843
- CVE-2023-41983
- CVE-2023-30774
- CVE-2023-40444
- CVE-2023-42952
- CVE-2023-42945
- CVE-2023-41072
- CVE-2023-42857
- CVE-2023-40449
- CVE-2023-41989
- CVE-2023-42854
- CVE-2023-42844
- CVE-2023-40416
- CVE-2023-40423
- CVE-2023-38403
- CVE-2023-42850
- CVE-2023-40446
- CVE-2023-42861
- CVE-2023-42935
- CVE-2023-40405
- CVE-2023-28826
- CVE-2023-42856
- CVE-2023-40404
- CVE-2023-42859
- CVE-2023-42877
- CVE-2023-42840
- CVE-2023-42853
- CVE-2023-42860
- CVE-2023-42889
- CVE-2023-42847
- CVE-2023-42845
- CVE-2023-42841
- CVE-2023-42838
- CVE-2023-42835
- CVE-2023-41977
- CVE-2023-42438
- CVE-2023-42836
- CVE-2023-36191
- CVE-2023-40421
- CVE-2023-42842
- CVE-2023-4733
- CVE-2023-4734
- CVE-2023-4735
- CVE-2023-4736
- CVE-2023-4738
- CVE-2023-4750
- CVE-2023-4751
- CVE-2023-4752
- CVE-2023-4781
- CVE-2023-41975
- CVE-2023-42858
- CVE-2023-42928
- CVE-2023-42951
- CVE-2023-42855
- CVE-2023-40445
- CVE-2023-42939
- CVE-2023-32359
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-42852.
What is the description of the vulnerability?
A logic issue was addressed with improved checks. Processing web content may lead to arbitrary code execution.
Which products are affected by this vulnerability?
The affected products include macOS Sonoma, Safari, iOS, iPadOS, watchOS, and tvOS.
Which versions are affected by this vulnerability?
Versions up to and excluding macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, watchOS 10.1, iOS 17.1 and iPadOS 17.1, tvOS 17.1 are affected by this vulnerability.
How can I fix this vulnerability?
To fix this vulnerability, update to iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1.
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- package-manager/debian
- vendor/apple
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple safari
- canonical/apple macos sonoma
- canonical/apple ios
- canonical/apple ipados
- version/apple ipados/17.0
- canonical/apple iphone os
- version/apple iphone os/17.0
- canonical/apple macos
- version/apple macos/14.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/11.0
- version/debian debian linux/12.0