CVE-2023-38599
webkitgtk: track sensitive user information
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.
A flaw was found in WebKitGTK, which exists due to a logic issue in WebKit related to a user's privacy. A remote attacker may be able to track sensitive user information.
This update for webkit2gtk3 fixes the following issues. Fixed information disclosure. Fixed Same-Origin-Policy bypass. Fixed arbitrary code execution. Fixed arbitrary code execution. Fixed arbitrary code execution. Fixed arbitrary code execution. Fixed sensitive user information tracking. Fixed arbitrary code execution. Fixed arbitrary code execution.. Fixed a bug where processing maliciously crafted web content may lead to arbitrary code execution. Fixed a bug where processing web content may lead to arbitrary code execution. Fixed a bug where processing web content may lead to arbitrary code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-07-20 CVE Reserved
- 2023-07-28 CVE Published
- 2025-02-13 CVE Updated
- 2025-05-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (13)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.apple.com/en-us/HT213841 | 2024-01-05 | |
| https://support.apple.com/en-us/HT213842 | 2024-01-05 | |
| https://support.apple.com/en-us/HT213843 | 2024-01-05 | |
| https://support.apple.com/en-us/HT213846 | 2024-01-05 | |
| https://support.apple.com/en-us/HT213847 | 2024-01-05 | |
| https://support.apple.com/en-us/HT213848 | 2024-01-05 | |
| https://access.redhat.com/security/cve/CVE-2023-38599 | 2025-07-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2231020 | 2025-07-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | < 16.6 Search vendor "Apple" for product "Safari" and version " < 16.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Ipados Search vendor "Apple" for product "Ipados" | < 15.7.8 Search vendor "Apple" for product "Ipados" and version " < 15.7.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Ipados Search vendor "Apple" for product "Ipados" | >= 16.0 < 16.6 Search vendor "Apple" for product "Ipados" and version " >= 16.0 < 16.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 15.7.8 Search vendor "Apple" for product "Iphone Os" and version " < 15.7.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | >= 16.0 < 16.6 Search vendor "Apple" for product "Iphone Os" and version " >= 16.0 < 16.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | >= 13.0 < 13.5 Search vendor "Apple" for product "Macos" and version " >= 13.0 < 13.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Tvos Search vendor "Apple" for product "Tvos" | < 16.6 Search vendor "Apple" for product "Tvos" and version " < 16.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | < 9.6 Search vendor "Apple" for product "Watchos" and version " < 9.6" | - |
Affected
| ||||||