CVE-2023-42852

Advisory lineage Upstream: 0 Downstream: 17
Modified
Published: 25 Oct 2023, 18:32
Last modified:05 May 2025, 14:59

Vulnerability Summary

Overall Risk (default)
medium
36/100
CVSS Score
8.8 HIGH
v3.1 (cve.org)
EPSS Score
2.17% LOW
2% probability -0.18%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

25 Oct 2023, 18:32
Published
Vulnerability first disclosed
05 May 2025, 14:59
Last Modified
Vulnerability information updated

Description

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

CVSS Metrics

  • v3.1HIGHScore: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 2.17% Percentile: 84%

Affected Systems

  • UnknowniOS and iPadOS

    ≥ unspecified, < 16.7 | ≥ unspecified, < 17.1

  • appleipados

    < 16.7.2 | ≥ 17.0, < 17.1

  • appleiphone_os

    < 16.7.2 | ≥ 17.0, < 17.1

  • UnknownmacOS

    ≥ unspecified, < 14.1 | ≥ 14.0, < 14.1

  • applesafari

    ≥ unspecified, < 17.1 | < 17.1

  • appletvos

    ≥ unspecified, < 17.1 | < 17.1

  • applewatchos

    ≥ unspecified, < 10.1 | < 10.1

  • debiandebian_linux

    11.0 | 12.0

  • fedoraprojectfedora

    37

References (19)