First published: Thu Nov 30 2023
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: product-security@apple.com an anonymous researcher Zhenjiang Zhao Pangu Team Qianxin Junsung Lee Meysam Firouzi @R00tkitSMM Eloi Benoist-Vanderbeken @elvanderb Synacktiv CVE-2023-42893 Csaba Fitzl @theevilbit OffSec Zhongquan Li @Guluisacat Dawn Security Lab of JingDong Csaba Fitzl @theevilbit Offensive Security Joshua Jewett @JoshJewett33 Pwn2car Zoom Offensive Security Team Clément Lecigne Google's Threat Analysis Group Nan Wang @eternalsakura13 360 Vulnerability Research Institute rushikesh nandedkar rushikesh nandedka Noah Roskin-Frazee Pr Kirin @Pwnrin Michael DePlante @izobashi Trend Micro Zero Day Initiative
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/webkit2gtk | <2.42.3-0ubuntu0.22.04.1 | 2.42.3-0ubuntu0.22.04.1 |
ubuntu/webkit2gtk | <2.42.3-0ubuntu0.23.04.1 | 2.42.3-0ubuntu0.23.04.1 |
ubuntu/webkit2gtk | <2.42.3-0ubuntu0.23.10.1 | 2.42.3-0ubuntu0.23.10.1 |
ubuntu/webkit2gtk | <2.42.3 | 2.42.3 |
debian/webkit2gtk | <=2.36.4-1~deb10u1, <=2.38.6-0+deb10u1, <=2.42.2-1~deb11u1, <=2.42.2-1~deb12u1 | 2.42.5-1~deb11u1, 2.42.5-1~deb12u1, 2.42.5-1, 2.44.1-1 |
debian/wpewebkit | <=2.38.6-1~deb11u1, <=2.38.6-1 | 2.42.5-1, 2.44.1-1 |
Apple Multiple Products | | |
Apple macOS | <14.1.2 | 14.1.2 |
tvOS | <17.2 | 17.2 |
Apple iPhone | | |
Apple macOS | | |
Apple TV | | |
Apple Watch | | |
Apple iOS, iPadOS, and watchOS | <10.2 | 10.2 |
Safari | <17.1.2 | 17.1.2 |
Apple iOS and iPadOS | <17.1.2 | 17.1.2 |
Apple iOS, iPadOS, and macOS | <17.1.2 | 17.1.2 |
Apple iOS and iPadOS | <16.7.3 | 16.7.3 |
Apple iOS, iPadOS, and macOS | <16.7.3 | 16.7.3 |
Apple iOS and iPadOS | <15.8.1 | 15.8.1 |
Apple iOS, iPadOS, and macOS | <15.8.1 | 15.8.1 |
Safari | <17.1.2 | |
Apple iOS, iPadOS, and macOS | <15.8.1 | |
Apple iOS, iPadOS, and macOS | >=16.0, <16.7.3 | |
Apple iOS, iPadOS, and macOS | >=17.0, <17.1.2 | |
iPhone OS | <15.8.1 | |
iPhone OS | >=16.0, <16.7.3 | |
iPhone OS | >=17.0, <17.1.2 | |
macOS | >=14.0, <14.1.2 | |
Red Hat Fedora | =38 | |
Red Hat Fedora | =39 | |
Debian Linux | =11.0 | |
Debian Linux | =12.0 | |
WebKitGTK+ | <2.42.3 | |
Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
The vulnerability ID for this issue is CVE-2023-42916.
The title of this vulnerability is 'WebKit. An out-of-bounds read was addressed with improved input validation.'
The severity of CVE-2023-42916 is not mentioned in the description.
This vulnerability can be exploited by processing web content, which may disclose sensitive information.
To fix this vulnerability, update to the latest versions of affected software: iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2.