CVE-2023-41993

Description

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVSS Metrics

• v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 24.89%• Percentile: 96%

Techniques & Countermeasures

• CWE-754•Improper Check for Unusual or Exceptional Conditions

  The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Affected Systems

• apple•ipados

  < 17.0.1

• apple•iphone_os

  < 17.0.1

• Unknown•macOS

  < 14.0 | ≥ unspecified, < 14

• debian•debian_linux

  11.0 | 12.0

• fedoraproject•fedora

  37 | 38 | 39

• netapp•active_iq_unified_manager

  na

• netapp•cloud_insights_acquisition_unit

  na

• netapp•cloud_insights_storage_workload_security_agent

  na

• netapp•oncommand_insight

  na

• netapp•oncommand_workflow_automation

  na

• oracle•graalvm

  20.3.13 | 21.3.9

• oracle•jdk

  1.8.0:update401

• oracle•jre

  1.8.0:update401

• Unknown•WebKitGTK

  < 2.42.2

References (7)

• https://support.apple.com/en-us/HT213940
• https://security.gentoo.org/glsa/202401-33
• https://security.netapp.com/advisory/ntap-20240426-0004/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993
• https://webkitgtk.org/security/WSA-2023-0009.html
• https://support.apple.com/kb/HT213930
• https://support.apple.com/kb/HT213926