Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

Related CPE's

o

apple

ipados

Vulnerable

o

apple

iphone_os

Vulnerable

o

apple

macos

Vulnerable

a

webkitgtk

webkitgtk

Vulnerable

a

wpewebkit

wpe_webkit

Vulnerable

References

http://www.openwall.com/lists/oss-security/2023/09/11/1

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202401-04

https://support.apple.com/en-us/HT213670

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213676

Release NotesVendor Advisory

Weaknesses

[email protected]

Primary
CWE-416

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-14T23:15:10.830

11 months ago

Last modified

2024-01-05T14:15:46.227

6 months ago