9.8
CVSSv3

CVE-2023-41993

Published: 21/09/2023 Updated: 26/04/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Vulnerable Product

apple iphone os 17.0

apple iphone os

apple macos

apple safari

apple ipados

apple ipados 17.0

fedoraproject fedora 37

fedoraproject fedora 38

fedoraproject fedora 39

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-39928: Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. CVE-2023-41074: Junsung Lee and Me Li discovered that processi ...
The webkit2gtk update released as 5527-1 introduced a regression that is causing programs such as yelp, liferea or gnucash to stop working in certain cases. For the oldstable distribution (bullseye), this problem has been fixed in version 2.42.1-1~deb11u2. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of w ...
Impact: Visiting a website that frames malicious content may lead to UI spoofing. Description: The issue was addressed with improved UI handling (CVE-2022-32919). A website may be able to track the websites a user visited in Safari private browsing mode (CVE-2022-32933). A spoofing issue existed in the handling of URLs. This issue was addressed wit ...
Description: The MITRE CVE dictionary describes this issue as: The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, Safari 16.6.1. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against vers ...
Check Point Reference: CPAI-2023-1375 | Date Published: 14 Dec 2023 | Severity: Critical ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page. Apple security documents reference vulnerabilities by CVE-ID whe ...

Github Repositories

CVE-2023-41993: PoC exploit for CVE-2023-41993. It's written only up to addrof/fakeobj. Reliability is not great. If you want to make it better, try to spray structure IDs. Brief Explanation: You may want a detailed writeup for this, but unfortunately I can't afford the time to write the thing. So I write some notes here so you can understand how this works. If you see t

pochost: so this is just an implementation of the CVE-2023-41993 PoC by u/po6ix so that it works on GitHub Pages, cause I'm too dumb for wampserver. ivanivgroznygithubio

CVE-2023-41993: PoC exploit for CVE-2023-41993. It's written only up to addrof/fakeobj. Reliability is not great. If you want to make it better, try to spray structure IDs. POC link: po6ixgithubio/POC-for-CVE-2023-41993/pwnhtml. I have decided to host with github pages from multiple requests. Wish me luck that github won't block me. Known Affected Versions

CVE-2023-41993: PoC exploit for CVE-2023-41993. It's written only up to addrof/fakeobj. Reliability is not great. If you want to make it better, try to spray structure IDs. Known Affected Versions: MacOS 14.0; iOS 17.0, 17.1 beta 1; iPadOS 17.0

iOS 17 - iOS 17.3 Jailbreak Solutions [2024]

iOS 17 - iOS 17.3.1 Jailbreak Solutions. Jailbreak has been confirmed for iOS 17, iOS 17.2, and iOS 17.3 based on the checkm8 exploit. Several Jailbreak repo extraction and virtual jailbreak solutions confirmed for iOS 17 - 17.3.1 versions. You don’t need a computer or advanced sideload methods for repo extraction and virtual jailbreak methods; you can directly install th

iOS 17 - iOS 17.3 Jailbreak Solutions [2024]

iOS 17 - iOS 17.3.1 Jailbreak Solutions. Exciting news for iOS users! The latest iOS 17, iOS 17.2, and iOS 17.3 versions have been confirmed to have jailbreak capabilities thanks to the checkm8 exploit. This means users can now unlock additional features and customization options on their devices. What's particularly convenient is that you no longer need a computer or adva

Recent Articles

Apple fixes two new iOS zero-days exploited in attacks on iPhones
BleepingComputer • Lawrence Abrams • 05 Mar 2024

Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), both allowing attackers with arbitrary kernel r...

Apple squashes security bugs after iPhone flaws exploited by Predator spyware
The Register

Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab

Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as three CVE-listed flaws. We've just learned today that the Predator spyware sold by Intellexa used these vulnerabilities to infect at least one target's iPhone. The bugs are: Each bug, according to Apple, "may have been actively exploited against versions of iOS be...