CVE-2023-41993

critical-risk

Published 2023-09-21

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Do I need to act?

24.4% chance of exploitation in next 30 days

EPSS score — higher than 76% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (19)

Ipados

Iphone Os

Macos

Fedora

Debian Linux

Graalvm

Jdk

Jre

Active Iq Unified Manager

Cloud Insights Acquisition Unit

Cloud Insights Storage Workload Security Agent

Oncommand Insight

Oncommand Workflow Automation

Webkitgtk\+

Affected Vendors

Debian Apple Oracle Fedoraproject Netapp Webkitgtk

References (10)

Third Party Advisory https://security.gentoo.org/glsa/202401-33

Third Party Advisory https://security.netapp.com/advisory/ntap-20240426-0004/

Vendor Advisory https://support.apple.com/en-us/HT213940

Third Party Advisory https://security.gentoo.org/glsa/202401-33

Third Party Advisory https://security.netapp.com/advisory/ntap-20240426-0004/

Vendor Advisory https://support.apple.com/en-us/HT213940

Vendor Advisory https://support.apple.com/kb/HT213926

Vendor Advisory https://support.apple.com/kb/HT213930

Third Party Advisory https://webkitgtk.org/security/WSA-2023-0009.html

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-...

/ 100

critical-risk

Severity 30/34 · Critical

Exploitability 22/34 · High

Exposure 19/34 · Moderate