CVE-2023-39434

CVSS 8.8 HIGHEPSS 1.5%CWE-416

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.8EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

26 sep 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Productos afectados

Apple · iOS and iPadOS Apple · macOS Apple · watchOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 https://security.gentoo.org/glsa/202401-33 https://support.apple.com/en-us/HT213937 https://support.apple.com/en-us/HT213938 https://support.apple.com/en-us/HT213940 https://webkitgtk.org/security/WSA-2023-0009.html http://www.openwall.com/lists/oss-security/2023/09/28/3