Lucene search
HistorySep 21, 2023 - 7:15 p.m.
CVE-2023-41993
macos sonoma
code execution
web content
ios 16.7
cve-2023-41993
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.003
Percentile
70.5%
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Affected configurations
Node
appleipadosRange<17.0.1
ORappleiphone_osRange<17.0.1
ORapplemacosRange<14.0
Node
fedoraprojectfedoraMatch37
ORfedoraprojectfedoraMatch38
ORfedoraprojectfedoraMatch39
Node
debiandebian_linuxMatch11.0
ORdebiandebian_linuxMatch12.0
Node
oraclegraalvmMatch20.3.13enterprise
ORoraclegraalvmMatch21.3.9enterprise
ORoraclejdkMatch1.8.0update401
ORoraclejreMatch1.8.0update401
Node
netappcloud_insights_acquisition_unitMatch-
ORnetappcloud_insights_storage_workload_security_agentMatch-
ORnetapponcommand_insightMatch-
ORnetapponcommand_workflow_automationMatch-
Node
webkitgtkwebkitgtk\+Range<2.42.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | ipados | * | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
| apple | iphone_os | * | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| apple | macos | * | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| fedoraproject | fedora | 37 | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
| fedoraproject | fedora | 38 | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
| fedoraproject | fedora | 39 | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| debian | debian_linux | 12.0 | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
| oracle | graalvm | 20.3.13 | cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:* |
| oracle | graalvm | 21.3.9 | cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
Related
fedora
fedora
[SECURITY] Fedora 38 Update: webkitgtk-2.42.1-1.fc38
2023-09-30 03:35:46
[SECURITY] Fedora 39 Update: webkitgtk-2.42.1-1.fc39
2023-10-01 03:40:30
[SECURITY] Fedora 37 Update: webkitgtk-2.42.1-1.fc37
2023-10-14 01:27:01
nessus
nessus
Fedora 39 : webkitgtk (2023-a4693c1c98)
2023-11-07 00:00:00
Fedora 38 : webkitgtk (2023-e2c2896d16)
2023-09-30 00:00:00
Apple iOS < 17.0.1 Multiple Vulnerabilities (HT213926)
2023-09-25 00:00:00
f5
f5
K000139793: MacOS vulnerability CVE-2023-41993
2024-05-27 00:00:00
vulnrichment
vulnrichment
CVE-2023-41993
2023-09-21 18:23:52
githubexploit
githubexploit
wolfi
wolfi
CVE-2023-41993 vulnerabilities
2024-09-30 09:32:54
cisa_kev
cisa_kev
Apple Multiple Products WebKit Code Execution Vulnerability
2023-09-25 00:00:00
ubuntucve
ubuntucve
CVE-2023-41993
2023-09-21 00:00:00
cvelist
cvelist
CVE-2023-41993
2023-09-21 18:23:52
openvas
openvas
Fedora: Security Advisory (FEDORA-2023-a4693c1c98)
2024-09-10 00:00:00
Apple Safari Security Update (HT213930)
2023-10-04 00:00:00
Fedora: Security Advisory for webkitgtk (FEDORA-2023-e2c2896d16)
2023-10-01 00:00:00
apple
apple
About the security content of Safari 16.6.1
2023-09-21 00:00:00
About the security content of iOS 17.0.1 and iPadOS 17.0.1
2023-09-21 00:00:00
About the security content of Safari 17
2023-09-26 00:00:00
attackerkb
attackerkb
CVE-2023-41993
2023-09-21 00:00:00
cve
cve
CVE-2023-41993
2023-09-21 19:15:11
debiancve
debiancve
CVE-2023-41993
2023-09-21 19:15:11
prion
prion
Code injection
2023-09-21 19:15:00
osv
osv
CVE-2023-41993
2023-09-21 19:15:11
CGA-qwp7-r45h-hfhv
2024-06-06 12:26:20
webkit2gtk vulnerabilities
2023-10-10 15:09:00
hivepro
hivepro
Apple Addresses Zero-Day Flaws Exploited in the Wild
2023-09-26 04:57:30
debian
debian
[SECURITY] [DSA 5527-1] webkit2gtk security update
2023-10-12 19:43:03
malwarebytes
malwarebytes
Emergency update! Apple patches three zero-days
2023-09-22 17:45:00
ubuntu
ubuntu
WebKitGTK vulnerabilities
2023-10-10 00:00:00
redhatcve
redhatcve
CVE-2023-41993
2023-09-25 05:24:30
redhat
redhat
(RHSA-2023:4202) Important: webkit2gtk3 security update
2023-07-18 14:24:59
(RHSA-2023:4201) Important: webkit2gtk3 security update
2023-07-18 14:24:50
thn
thn
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
2023-09-23 06:12:00
Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw
2023-10-05 03:42:00
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
2024-08-29 15:59:00
gentoo
gentoo
WebKitGTK+: Multiple Vulnerabilities
2024-01-31 00:00:00
ibm
ibm
kaspersky
kaspersky
KLA65636 Multiple vulnerabilities in Oracle Java SE and GraalVM
2024-04-16 00:00:00
amazon
amazon
Important: webkitgtk4
2024-01-19 01:51:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2024-04-26 09:47:12
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.003
Percentile
70.5%
Related for NVD:CVE-2023-41993