CVE-2023-42950

moderate-risk
Published 2024-03-28

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Do I need to act?

-
0.65% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (6)

Affected Vendors

Apple

References (17)

http://www.openwall.com/lists/oss-security/2024/03/26/1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Release Notes https://support.apple.com/en-us/HT214035
Release Notes https://support.apple.com/en-us/HT214036
Release Notes https://support.apple.com/en-us/HT214039
Release Notes https://support.apple.com/en-us/HT214040
Release Notes https://support.apple.com/en-us/HT214041
https://support.apple.com/kb/HT214039
http://www.openwall.com/lists/oss-security/2024/03/26/1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://security.netapp.com/advisory/ntap-20241018-0009/
Release Notes https://support.apple.com/en-us/HT214035
Release Notes https://support.apple.com/en-us/HT214036
Release Notes https://support.apple.com/en-us/HT214039
Release Notes https://support.apple.com/en-us/HT214040
Release Notes https://support.apple.com/en-us/HT214041
https://support.apple.com/kb/HT214039
45
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 2/34 · Minimal
Exposure 13/34 · Low