CVE-2023-41976

moderate-risk

Published 2023-10-25

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

Do I need to act?

0.26% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (6)

Safari

Ipados

Iphone Os

Macos

Tvos

Watchos

Affected Vendors

Apple

References (26)

Mailing List http://seclists.org/fulldisclosure/2023/Oct/19

Mailing List http://seclists.org/fulldisclosure/2023/Oct/22

Mailing List http://seclists.org/fulldisclosure/2023/Oct/23

Mailing List http://seclists.org/fulldisclosure/2023/Oct/24

Mailing List http://seclists.org/fulldisclosure/2023/Oct/25

Mailing List http://seclists.org/fulldisclosure/2023/Oct/27

Release Notes https://support.apple.com/en-us/HT213981

Release Notes https://support.apple.com/en-us/HT213982

Release Notes https://support.apple.com/en-us/HT213984

Release Notes https://support.apple.com/en-us/HT213986

Release Notes https://support.apple.com/en-us/HT213987

Release Notes https://support.apple.com/en-us/HT213988

https://support.apple.com/kb/HT213984

Mailing List http://seclists.org/fulldisclosure/2023/Oct/19

Mailing List http://seclists.org/fulldisclosure/2023/Oct/22

Mailing List http://seclists.org/fulldisclosure/2023/Oct/23

Mailing List http://seclists.org/fulldisclosure/2023/Oct/24

Mailing List http://seclists.org/fulldisclosure/2023/Oct/25

Mailing List http://seclists.org/fulldisclosure/2023/Oct/27

Release Notes https://support.apple.com/en-us/HT213981

and 6 more references

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 13/34 · Low