CVE-2023-41993
In short
A flaw in how macOS and iOS process web content could allow attackers to execute arbitrary code on your device. This vulnerability was actively exploited in the wild before it was patched.
Technical detail
Improper input validation in web content processing (CWE-754) allows remote code execution through crafted web content. The vulnerability affects iOS versions prior to 16.7 and macOS before Sonoma 14, with evidence of active exploitation in the wild prior to patch availability.
Summary generated and translated by AI from the official description.
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · macOS
Public PoCs found: 5
github.com/po6ix/POC-for-CVE-2023-41993 (★ 202)
github.com/hrtowii/cve-2023-41993-test (★ 16)
github.com/0x06060606/CVE-2023-41993 (★ 5)
github.com/Mangaia/cve-test (★ 0)
github.com/J3Ss0u/CVE-2023-41993 (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://security.gentoo.org/glsa/202401-33
https://security.netapp.com/advisory/ntap-20240426-0004/
https://support.apple.com/en-us/HT213940
https://support.apple.com/kb/HT213926
https://support.apple.com/kb/HT213930
https://webkitgtk.org/security/WSA-2023-0009.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993