WID-SEC-W-2023-2452
Vulnerability from csaf_certbund - Published: 2023-09-26 22:00 - Updated: 2023-09-26 22:00
There are multiple vulnerabilities in Apple Safari. These flaws exist in the WebKit component but are not described in further detail. An attacker can exploit these vulnerabilities to execute arbitrary code or perform UI spoofing. Successful exploitation requires user interaction.
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Safari ist der auf Apple Ger\u00e4ten eingesetzte Web Browser.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um beliebigen Code auszuf\u00fchren oder UI-Spoofing zu betreiben.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X\n- iPhoneOS",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2452 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2452.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2452 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2452"
},
{
"category": "external",
"summary": "Apple Security Update vom 2023-09-26",
"url": "https://support.apple.com/en-us/HT213941"
}
],
"source_lang": "en-US",
"title": "Apple Safari: Mehre Schwachstellen",
"tracking": {
"current_release_date": "2023-09-26T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:58:52.479+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2452",
"initial_release_date": "2023-09-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Apple Safari \u003c 17",
"product": {
"name": "Apple Safari \u003c 17",
"product_id": "T030079",
"product_identification_helper": {
"cpe": "cpe:/a:apple:safari:17"
}
}
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41993",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple Safari. Diese Fehler existieren in der WebKit-Komponente, werden aber nicht n\u00e4her erl\u00e4utert. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder UI-Spoofing zu betreiben. Eine erfolgreiche Ausnutzung erfordert eine Interaktion des Nutzers."
}
],
"release_date": "2023-09-26T22:00:00.000+00:00",
"title": "CVE-2023-41993"
},
{
"cve": "CVE-2023-41074",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple Safari. Diese Fehler existieren in der WebKit-Komponente, werden aber nicht n\u00e4her erl\u00e4utert. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder UI-Spoofing zu betreiben. Eine erfolgreiche Ausnutzung erfordert eine Interaktion des Nutzers."
}
],
"release_date": "2023-09-26T22:00:00.000+00:00",
"title": "CVE-2023-41074"
},
{
"cve": "CVE-2023-40451",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple Safari. Diese Fehler existieren in der WebKit-Komponente, werden aber nicht n\u00e4her erl\u00e4utert. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder UI-Spoofing zu betreiben. Eine erfolgreiche Ausnutzung erfordert eine Interaktion des Nutzers."
}
],
"release_date": "2023-09-26T22:00:00.000+00:00",
"title": "CVE-2023-40451"
},
{
"cve": "CVE-2023-40417",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple Safari. Diese Fehler existieren in der WebKit-Komponente, werden aber nicht n\u00e4her erl\u00e4utert. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder UI-Spoofing zu betreiben. Eine erfolgreiche Ausnutzung erfordert eine Interaktion des Nutzers."
}
],
"release_date": "2023-09-26T22:00:00.000+00:00",
"title": "CVE-2023-40417"
},
{
"cve": "CVE-2023-35074",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple Safari. Diese Fehler existieren in der WebKit-Komponente, werden aber nicht n\u00e4her erl\u00e4utert. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder UI-Spoofing zu betreiben. Eine erfolgreiche Ausnutzung erfordert eine Interaktion des Nutzers."
}
],
"release_date": "2023-09-26T22:00:00.000+00:00",
"title": "CVE-2023-35074"
}
]
}
CVE-2023-35074 (GCVE-0-2023-35074)
Vulnerability from cvelistv5 – Published: 2023-09-26 20:12 – Updated: 2025-05-05 15:17
- Processing web content may lead to arbitrary code execution
- CWE-noinfo Not enough information
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-29T13:17:25.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213938"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213936"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213941"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213940"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213937"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-33"
},
{
"url": "https://webkitgtk.org/security/WSA-2023-0009.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-35074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:54.551848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T15:17:38.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing web content may lead to arbitrary code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T15:06:29.418Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938"
},
{
"url": "https://support.apple.com/en-us/HT213936"
},
{
"url": "https://support.apple.com/en-us/HT213941"
},
{
"url": "https://support.apple.com/en-us/HT213940"
},
{
"url": "https://support.apple.com/en-us/HT213937"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/10"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/8"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/9"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/3"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"
},
{
"url": "https://security.gentoo.org/glsa/202401-33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-35074",
"datePublished": "2023-09-26T20:12:05.743Z",
"dateReserved": "2023-07-20T15:03:50.114Z",
"dateUpdated": "2025-05-05T15:17:38.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40417 (GCVE-0-2023-40417)
Vulnerability from cvelistv5 – Published: 2023-09-26 20:12 – Updated: 2025-11-04 19:18
- Visiting a website that frames malicious content may lead to UI spoofing
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:18:49.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213938"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213941"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213940"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213937"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/3"
},
{
"url": "https://support.apple.com/kb/HT213941"
},
{
"url": "https://support.apple.com/kb/HT213938"
},
{
"url": "https://support.apple.com/kb/HT213937"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:28:52.314862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:49:17.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Visiting a website that frames malicious content may lead to UI spoofing",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T04:06:24.603Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938"
},
{
"url": "https://support.apple.com/en-us/HT213941"
},
{
"url": "https://support.apple.com/en-us/HT213940"
},
{
"url": "https://support.apple.com/en-us/HT213937"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/8"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/9"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40417",
"datePublished": "2023-09-26T20:12:00.979Z",
"dateReserved": "2023-08-14T20:26:36.258Z",
"dateUpdated": "2025-11-04T19:18:49.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-40451 (GCVE-0-2023-40451)
Vulnerability from cvelistv5 – Published: 2023-09-26 20:14 – Updated: 2025-02-13 17:08
- An attacker with JavaScript execution may be able to execute arbitrary code
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-29T13:17:26.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213941"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-33"
},
{
"url": "https://webkitgtk.org/security/WSA-2023-0009.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-01T19:54:23.789025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T18:34:05.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with JavaScript execution may be able to execute arbitrary code",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T15:06:38.133Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213941"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2"
},
{
"url": "https://security.gentoo.org/glsa/202401-33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40451",
"datePublished": "2023-09-26T20:14:38.617Z",
"dateReserved": "2023-08-14T20:26:36.268Z",
"dateUpdated": "2025-02-13T17:08:21.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41074 (GCVE-0-2023-41074)
Vulnerability from cvelistv5 – Published: 2023-09-26 20:14 – Updated: 2025-02-13 17:08
- Processing web content may lead to arbitrary code execution
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-29T13:17:27.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213938"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213936"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213941"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213940"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213937"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5527"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-33"
},
{
"url": "https://webkitgtk.org/security/WSA-2023-0009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing web content may lead to arbitrary code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T15:06:26.967Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938"
},
{
"url": "https://support.apple.com/en-us/HT213936"
},
{
"url": "https://support.apple.com/en-us/HT213941"
},
{
"url": "https://support.apple.com/en-us/HT213940"
},
{
"url": "https://support.apple.com/en-us/HT213937"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/10"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/8"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/9"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/3"
},
{
"url": "https://www.debian.org/security/2023/dsa-5527"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"
},
{
"url": "https://security.gentoo.org/glsa/202401-33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-41074",
"datePublished": "2023-09-26T20:14:43.087Z",
"dateReserved": "2023-08-22T18:10:00.331Z",
"dateUpdated": "2025-02-13T17:08:55.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41993 (GCVE-0-2023-41993)
Vulnerability from cvelistv5 – Published: 2023-09-21 18:23 – Updated: 2025-11-04 19:21
- Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | macOS | Affected: unspecified, < 14 (custom) | |
| apple | iphone_os | Affected: 0, < 17.0.1 (custom); `cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*` | |
| apple | ipad_os | Affected: 0, < 17.0.1 (custom); `cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*` | |
| apple | macos | Affected: 0, < 14.0 (custom); `cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*` | |
| fedoraproject | fedora | Affected: 37; `cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*` | |
| fedoraproject | fedora | Affected: 38; `cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*` | |
| fedoraproject | fedora | Affected: 39; `cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*` | |
| debian | debian_linux | Affected: 11.0; Affected: 12.0; `cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*`, `cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*` | |
| oracle | graalvm | Affected: 20.3.13; `cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*` | |
| oracle | graalvm | Affected: 21.3.9; `cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*` | |
| oracle | jdk | Affected: 1.8.0; `cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*` | |
| oracle | jre | Affected: 1.8.0; `cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*` | |
| netapp | cloud_insights_acquisition_unit | Affected: 0, ≤ * (custom); `cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*` | |
| netapp | cloud_insights_storage_workload_security_agent | Affected: 0, ≤ * (custom); `cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*` | |
| netapp | oncommand_insight | Affected: 0, ≤ * (custom); `cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*` | |
| netapp | oncommand_workflow_automation | Affected: 0, ≤ * (custom); `cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*` | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "37"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "38"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "39"
}
]
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "debian_linux",
"vendor": "debian",
"versions": [
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "debian_linux",
"vendor": "debian",
"versions": [
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graalvm",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "20.3.13"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graalvm",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "21.3.9"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jdk",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "1.8.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jre",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "1.8.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_insights_acquisition_unit",
"vendor": "netapp",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_insights_storage_workload_security_agent",
"vendor": "netapp",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncommand_insight",
"vendor": "netapp",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncommand_workflow_automation",
"vendor": "netapp",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-41993",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T02:17:52.028515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-09-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:37.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-25T00:00:00.000Z",
"value": "CVE-2023-41993 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:21:43.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213940"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-33"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0004/"
},
{
"url": "https://webkitgtk.org/security/WSA-2023-0009.html"
},
{
"url": "https://support.apple.com/kb/HT213930"
},
{
"url": "https://support.apple.com/kb/HT213926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T09:06:59.072Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940"
},
{
"url": "https://security.gentoo.org/glsa/202401-33"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-41993",
"datePublished": "2023-09-21T18:23:52.197Z",
"dateReserved": "2023-09-06T17:40:06.142Z",
"dateUpdated": "2025-11-04T19:21:43.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.