CVE-2023-41993

Published Sep 21, 2023

Last updated 5 months ago

Exploit known CVSS high 8.8

Overview

Description: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Apple Multiple Products WebKit Code Execution Vulnerability
Exploit added on: Sep 25, 2023
Exploit action due: Oct 16, 2023
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-754
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-754

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FE34465-0131-48BD-9BB6-47F83243BAE3",
            "versionEndExcluding": "17.0.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB5FD4B4-540C-4068-90D2-BEC12CDF54D9",
            "versionEndExcluding": "17.0.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605",
            "versionEndExcluding": "14.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00EDC8FF-13F2-4218-9EF4-B509364AE7B3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "938A32D1-FBAB-42AE-87A7-AB19402B561A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update401:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9155227-6787-4FAA-BB2C-C99D77DD2111"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update401:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD4CDABD-BC1E-4A23-8022-D7A0E615C9F4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
          },
          {
            "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
          },
          {
            "criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "076EFDED-230F-4848-A138-4CFDF6B863B3",
            "versionEndExcluding": "2.42.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Known exploits

Weaknesses

Social media

Configurations

References