// For flags

CVE-2023-41993

Apple Multiple Products WebKit Code Execution Vulnerability

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

El problema se solucionó con controles mejorados. Este problema se solucionó en Safari 17, iOS 16.7 y iPadOS 16.7, macOS Sonoma 14. El procesamiento de contenido web puede provocar la ejecución de código arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7.

A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution.

Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Act
Exploitation
Active
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-09-06 CVE Reserved
  • 2023-09-21 CVE Published
  • 2023-09-25 Exploited in Wild
  • 2023-10-16 KEV Due Date
  • 2023-10-19 First Exploit
  • 2024-08-29 CVE Updated
  • 2024-09-16 EPSS Updated
CWE
  • CWE-754: Improper Check for Unusual or Exceptional Conditions
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
 Ipados
Search vendor "Apple" for product "Ipados"
 < 17.0.1
Search vendor "Apple" for product "Ipados" and version " < 17.0.1"
-
Affected
Apple
Search vendor "Apple"
 Iphone Os
Search vendor "Apple" for product "Iphone Os"
 < 17.0.1
Search vendor "Apple" for product "Iphone Os" and version " < 17.0.1"
-
Affected
Apple
Search vendor "Apple"
 Macos
Search vendor "Apple" for product "Macos"
 < 14.0
Search vendor "Apple" for product "Macos" and version " < 14.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 37
Search vendor "Fedoraproject" for product "Fedora" and version "37"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 38
Search vendor "Fedoraproject" for product "Fedora" and version "38"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 39
Search vendor "Fedoraproject" for product "Fedora" and version "39"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 12.0
Search vendor "Debian" for product "Debian Linux" and version "12.0"
-
Affected
Oracle
Search vendor "Oracle"
 Graalvm
Search vendor "Oracle" for product "Graalvm"
 20.3.13
Search vendor "Oracle" for product "Graalvm" and version "20.3.13"
enterprise
Affected
Oracle
Search vendor "Oracle"
 Graalvm
Search vendor "Oracle" for product "Graalvm"
 21.3.9
Search vendor "Oracle" for product "Graalvm" and version "21.3.9"
enterprise
Affected
Oracle
Search vendor "Oracle"
 Jdk
Search vendor "Oracle" for product "Jdk"
 1.8.0
Search vendor "Oracle" for product "Jdk" and version "1.8.0"
update401
Affected
Oracle
Search vendor "Oracle"
 Jre
Search vendor "Oracle" for product "Jre"
 1.8.0
Search vendor "Oracle" for product "Jre" and version "1.8.0"
update401
Affected
Netapp
Search vendor "Netapp"
 Cloud Insights Acquisition Unit
Search vendor "Netapp" for product "Cloud Insights Acquisition Unit"
--
Affected
Netapp
Search vendor "Netapp"
 Cloud Insights Storage Workload Security Agent
Search vendor "Netapp" for product "Cloud Insights Storage Workload Security Agent"
--
Affected
Netapp
Search vendor "Netapp"
 Oncommand Insight
Search vendor "Netapp" for product "Oncommand Insight"
--
Affected
Netapp
Search vendor "Netapp"
 Oncommand Workflow Automation
Search vendor "Netapp" for product "Oncommand Workflow Automation"
--
Affected