What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2023-42916.

What is the title of this vulnerability?

The title of this vulnerability is 'WebKit. An out-of-bounds read was addressed with improved input validation.'

What is the severity of CVE-2023-42916?

The severity of CVE-2023-42916 is not mentioned in the description.

How can this vulnerability be exploited?

This vulnerability can be exploited by processing web content, which may disclose sensitive information.

How can I fix this vulnerability?

To fix this vulnerability, update to the latest versions of affected software: iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2.

Vulnerability/
CVE-2023-42916

Exploited

medium

6.5

CWE

20 125

30/11/2023

29/11/2024

CVE-2023-42916: Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

First published: Thu Nov 30 2023(Updated: )

Accessibility. A privacy issue was addressed with improved private data redaction for log entries.

Credit: product-security@apple.com an anonymous researcher Zhenjiang Zhao Pangu TeamQianxin Junsung Lee Meysam Firouzi @R00tkitSMM Eloi Benoist-Vanderbeken @elvanderb SynacktivCVE-2023-42893 Csaba Fitzl @theevilbit OffSecZhongquan Li @Guluisacat Dawn Security Lab of JingDongCsaba Fitzl @theevilbit Offensive SecurityJoshua Jewett @JoshJewett33 Pwn2car Zoom Offensive Security Team Clément Lecigne Google's Threat Analysis GroupNan Wang @eternalsakura13 360 Vulnerability Research Instituterushikesh nandedkar rushikesh nandedka Noah Roskin-Frazee Pr Kirin @Pwnrin Michael DePlante @izobashi Trend Micro Zero Day Initiative

Affected Software	Affected Version	How to fix
ubuntu/webkit2gtk	<2.42.3-0ubuntu0.22.04.1	2.42.3-0ubuntu0.22.04.1
ubuntu/webkit2gtk	<2.42.3-0ubuntu0.23.04.1	2.42.3-0ubuntu0.23.04.1
ubuntu/webkit2gtk	<2.42.3-0ubuntu0.23.10.1	2.42.3-0ubuntu0.23.10.1
ubuntu/webkit2gtk	<2.42.3	2.42.3
debian/webkit2gtk	<=2.36.4-1~deb10u1<=2.38.6-0+deb10u1<=2.42.2-1~deb11u1<=2.42.2-1~deb12u1	2.42.5-1~deb11u1 2.42.5-1~deb12u1 2.42.5-1 2.44.1-1
debian/wpewebkit	<=2.38.6-1~deb11u1<=2.38.6-1	2.42.5-1 2.44.1-1
Apple Multiple Products
Apple macOS	<14.1.2	14.1.2
tvOS	<17.2	17.2
Apple iPhone
Apple macOS
Apple TV
Apple Watch
Apple iOS, iPadOS, and watchOS	<10.2	10.2
Safari	<17.1.2	17.1.2
Apple iOS and iPadOS	<17.1.2	17.1.2
Apple iOS, iPadOS, and macOS	<17.1.2	17.1.2
Apple iOS and iPadOS	<16.7.3	16.7.3
Apple iOS, iPadOS, and macOS	<16.7.3	16.7.3
Apple iOS and iPadOS	<15.8.1	15.8.1
Apple iOS, iPadOS, and macOS	<15.8.1	15.8.1
Safari	<17.1.2
Apple iOS, iPadOS, and macOS	<15.8.1
Apple iOS, iPadOS, and macOS	>=16.0<16.7.3
Apple iOS, iPadOS, and macOS	>=17.0<17.1.2
iPhone OS	<15.8.1
iPhone OS	>=16.0<16.7.3
iPhone OS	>=17.0<17.1.2
macOS	>=14.0<14.1.2
Red Hat Fedora	=38
Red Hat Fedora	=39
Debian Linux	=11.0
Debian Linux	=12.0
WebKitGTK+	<2.42.3

Remedy

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-42916.
What is the title of this vulnerability?
The title of this vulnerability is 'WebKit. An out-of-bounds read was addressed with improved input validation.'
What is the severity of CVE-2023-42916?
The severity of CVE-2023-42916 is not mentioned in the description.
How can this vulnerability be exploited?
This vulnerability can be exploited by processing web content, which may disclose sensitive information.
How can I fix this vulnerability?
To fix this vulnerability, update to the latest versions of affected software: iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2.

agent/type
agent/first-publish-date
agent/remedy
agent/title
agent/weakness
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2022-48618
alias/CVE-2024-23222
alias/CVE-2023-42916
alias/CVE-2023-42917
agent/severity
collector/launchpad-cve
source/Launchpad
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
collector/security-tracker-debian
source/Debian
collector/mitre-cve
source/MITRE
exploited/true
collector/cisa-known-exploited
source/CISA
agent/last-modified-date
agent/trending
agent/source
collector/apple-support
source/Apple
agent/software-canonical-lookup-request
agent/news-ai
alias/CVE-2023-42950
alias/CVE-2023-42893
alias/CVE-2023-42936
alias/CVE-2023-42947
alias/CVE-2023-40389
alias/CVE-2023-42890
alias/CVE-2023-42883
alias/CVE-2023-42919
alias/CVE-2023-42898
alias/CVE-2023-42899
alias/CVE-2023-42888
alias/CVE-2023-42914
agent/references
agent/author
agent/description
agent/event
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
collector/nvd-cve
package-manager/ubuntu
package-manager/debian
vendor/apple
canonical/apple multiple products
canonical/apple macos
canonical/tvos
canonical/apple iphone
canonical/apple tv
canonical/apple watch
canonical/apple ios, ipados, and watchos
canonical/safari
canonical/apple ios and ipados
canonical/apple ios, ipados, and macos
version/apple ios, ipados, and macos/16.0
version/apple ios, ipados, and macos/17.0
canonical/iphone os
version/iphone os/16.0
version/iphone os/17.0
canonical/macos
version/macos/14.0
vendor/fedoraproject
canonical/red hat fedora
version/red hat fedora/38
version/red hat fedora/39
vendor/debian
canonical/debian linux
version/debian linux/11.0
version/debian linux/12.0
vendor/webkitgtk
canonical/webkitgtk+